02.12.2011 17:33:09
zheron
Posts: 2
|
Running TekRADIUS 4.2.0.0, I am trying to authenticate my Cisco switches using active directory. Sometimes I can not logon at all, while other times I can logon ok, but it's really really slow.
I have configured two groups with the following attributes.
Group Name: Cisco
Attribute - Type - Value
Active-Directory-Group - Check - Cisco
cisco-avpair - Success-reply - shell:priv-lvl=15
Service-Type - Success-Reply - NAS-Prompt
Group Name: Cisco-Read
Attribute - Type - Value
Active-Directory-Group - Check - Cisco-Read
cisco-avpair - Success-reply - shell:priv-lvl=1
Service-Type - Success-Reply - NAS-Prompt
I have created and assigned users to these two groups that match their username within Active Directory. I have not assigned any attributes to these users other than assigning them to a TekRADIUS group.
On the clients tab I have added a Default NAS with my secret and with cisco as the vendor.
On the settings / Service Parameters tab I have enabled the Active Directory proxy.
In the logs in TekRADIUS I notice I occasionally get:
Invalid Auth. packet received from : 192.168.x.x:1812
So obviously it's getting packets in on the wrong port, but I don't know why. The cisco device is configured to use port 1645 and so is TekRADIUS, unless I've missed a command on the Cisco device or something in TekRADIUS, I don't know why I am getting those packets. Everything worked fine when I used Microsoft IAS, and the configs on the switches haven't changed.
|
|
|
0
• permalink
|
02.12.2011 23:18:32
Admin
Administrator
Posts: 1833
|
Hi,
I recommend you to upgrade TekRADIUS to the latest version 4.3.
Best regards,
Yasin KAPLAN
|
|
|
0
• permalink
|