Great Circle Associates Firewalls
(June 1997)
 


Subject: SecurID and Cisco?
From: vadillo @ apu . rcp . net . pe (Enrique Vadillo)
Date: Mon, 9 Jun 1997 20:20:15 -0400 (EDT)
To: firewalls @ greatcircle . com
Pgp-fingerprint: 55 B9 83 D2 61 71 E6 6B 1E CE FD B5 F7 AA F1 B5

Hi all,

Sorry if this can look kinda off-topic.

I am trying to get SecurID dialup authentication working through a Cisco 2511.
I am using a Solaris box as radiusd server (latest Ascend radiusd
compiled with ACE libs) and as ACE Server (SecurID) host too.

Authentication using the "UNIX Client" works fine. BTW I am using user-defined
PIN numbers. The problem appears only with the "Communications Client".

I have inserted in the '/etc/raddb/users' file the following lines:

aceuser	Password = "ACE"
	User-Service-Type = Framed-User

In my Cisco the Solaris box is defined as the radius server.

When I try to authenticate using a "Communications Client" (my Solaris box again),
I execute "/etc/radiusd -s -x" and for an 'aceusr' login attempt in my Cisco
2511 I get the following message:

Jun 10 01:51:01.744 radiusd[2149] Debugging enabled
Jun 10 01:51:01.760 radiusd[2149] config_init: dict_valfind(Lifetime-In-Days) failed
Jun 10 01:51:39.622 radiusd[2149] New request: securid.1645, id=49
Jun 10 01:51:39.624 radiusd[2149] handle_radius_request: securid.1645, id=49, code=1, length=75
  request: Client-Id = 161.132.6.134  <<=== THIS IS MY CISCO 2511
  request: Client-Port-Id = 18
  request: User-Name = "aceusr"
  request: Calling-Station-Id = "200.1.182.200" <<=== THIS IS THE REMOTE HOST
  request: Password = "\025\263\213\215+\226r\332\342=\017\341\302\306];"
Jun 10 01:51:39.628 radiusd[2149] rad_authenticate
Jun 10 01:51:39.639 radiusd[2149] User record PASSWORD type is Token
Jun 10 01:51:39.640 radiusd[2149] authPapPwd
Jun 10 01:51:39.641 radiusd[2149] ace_pass: FAILED: no state attribute
Jun 10 01:51:39.644 radiusd[2149] ace_pass: securid.1645, id=49: FAILED for user `aceusr'
Jun 10 01:51:39.646 radiusd[2149] send_reject: securid.1645, id=49


Of course 'aceusr' is included in the "User Activation List" for this client.

Has anyone out there succeeded running SecurID using Cisco?

Enrique Vadillo-
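
A triage aid for the debug output quoted above, added here as an example and not part of the original post or of radiusd itself: it lists each rejected request with the reason radiusd logged and reports whether the requested User-Name has an entry of its own in the users file. The function names are hypothetical, and the users file is assumed to follow the layout shown in the post (entry name in column one, further items indented).

```python
import re

# Users entry and debug lines copied from the message above (a subset of the
# posted log, with the poster's annotations dropped).
USERS_FILE = 'aceuser\tPassword = "ACE"\n\tUser-Service-Type = Framed-User\n'
DEBUG_LOG = '''\
Jun 10 01:51:39.622 radiusd[2149] New request: securid.1645, id=49
  request: Client-Id = 161.132.6.134
  request: User-Name = "aceusr"
Jun 10 01:51:39.639 radiusd[2149] User record PASSWORD type is Token
Jun 10 01:51:39.641 radiusd[2149] ace_pass: FAILED: no state attribute
Jun 10 01:51:39.646 radiusd[2149] send_reject: securid.1645, id=49
'''

def users_entries(text):
    """Entry names: the first token of every non-indented, non-comment line."""
    return [ln.split()[0] for ln in text.splitlines()
            if ln and not ln[0].isspace() and not ln.startswith("#")]

def rejected_requests(log):
    """Return one record per request that ended in send_reject."""
    out, cur = [], None
    for ln in log.splitlines():
        m = re.search(r"New request: (\S+), id=(\d+)", ln)
        if m:
            cur = {"source": m.group(1), "id": int(m.group(2)), "attrs": {}, "reasons": []}
            continue
        if cur is None:
            continue
        m = re.match(r"\s+request: (\S+) = (.*)", ln)
        if m:  # attribute of the request currently being read
            cur["attrs"][m.group(1)] = m.group(2).strip().strip('"')
        elif "FAILED:" in ln:  # keep the text after "radiusd[pid] "
            cur["reasons"].append(ln.split("radiusd[", 1)[1].split("] ", 1)[1])
        elif "send_reject" in ln:
            out.append(cur)
            cur = None
    return out

def triage(log, users_text):
    """Pair each rejected request with its reason and users-file coverage."""
    names = users_entries(users_text)
    return [{"id": r["id"], "user": r["attrs"].get("User-Name"),
             "reasons": r["reasons"],
             "explicit_entry": r["attrs"].get("User-Name") in names}
            for r in rejected_requests(log)]

if __name__ == "__main__":
    for row in triage(DEBUG_LOG, USERS_FILE):
        print(row)
```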
