Hi Neale, in your users file, Service-Type looks like a _check_ item, not a reply item. There is no comma between the Auth-Type and Service-Type entries. So its probably checking that the request is for NAS-Prompt-User, but the reply does not specifiy Service-Type = NAS-Prompt-User. Ciscos are very pick about that. Cheers. On Nov 3, 8:04am, Neale Banks wrote: > Subject: (RADIATOR) Service-Type = NAS-Prompt-User frustrations > Greetings all, > > With Radiator authenticating to a flat file, and given an entry: > > -------------------------------8<------------------------------- > neale Auth-Type = "System" > Service-Type = NAS-Prompt-User > -------------------------------8<------------------------------- > > with the dictionary including: > > -------------------------------8<------------------------------- > # grep Service-Type dictionary > ATTRIBUTE Service-Type 6 integer > VALUE Service-Type Login-User 1 > VALUE Service-Type Framed-User 2 > VALUE Service-Type Callback-Login-User 3 > VALUE Service-Type Callback-Framed-User 4 > VALUE Service-Type Outbound-User 5 > VALUE Service-Type Administrative-User 6 > VALUE Service-Type NAS-Prompt-User 7 > VALUE Service-Type Authenticate-Only 8 > VALUE Service-Type Callback-Admin-User 9 > VALUE Service-Type Annex-Authorize-Only 0x06300001 > VALUE Service-Type Annex-Framed-Tunnel 0x06300002 > VENDORATTR 166 Shiva-Service-Type 2 integer > VALUE Shiva-Service-Type VPN > -------------------------------8<------------------------------- > > The Cisco 5300 is insisting that the value being returned for Service-Type > is zero: > > -------------------------------8<------------------------------- > *Jan 16 04:40:53.081: RADIUS: Received from id 227 z.y.z.4:1812, Access-Accept, len 56 > *Jan 16 04:40:53.081: Attribute 8 6 FFFFFFFE > *Jan 16 04:40:53.081: Attribute 6 6 00000000 > *Jan 16 04:40:53.081: Attribute 9 6 FFFFFFFF > *Jan 16 04:40:53.081: Attribute 10 6 00000000 > *Jan 16 04:40:53.081: Attribute 12 6 000005DC > *Jan 16 04:40:53.081: Attribute 244 6 00000E10 > -------------------------------8<------------------------------- > > Rather unsurprisingly, this doesn't have the desired effect when the NAS > is looking to RADIUS for "exec" authorisation: > > RADIUS: Unknown service-type in shell-author: type=0 > RADIUS: no appropriate authorization type for user. > > Any suggestions on how to nail this one? > > Thanks, > Neale. > > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Neale Banks -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
