login using radius

[volleyman]

All,

I just configured a router to authenticate using radius. the radius server is a microsoft IAS server.

I am able to telnet and log into the router. When I attempt to change into enable mode, I get the following error:

% Error in authentication.


any ideas where I messed up? something on the router or somethng in the radius setup?

thanks,


Zane D.
Systems Admin

 

[volleyman]

I should mention that when I access the router via console, it also authenticates using radius. after logging in, I type "enable" and it works. but when I telnet I get the error message mentioned above.


Zane D.
Systems Admin

 

[Michoud]

I believe you need to set the privilege level to 15. Take a look at this link:

http://www.xs4all.nl/~hermanb/cisco-ias.htm

 

[volleyman]

strange...following those instructions I added both the Cisco attribute plus the reply-message attribute.

when i login, I see the reply message that I configured displayed but the privilege level still doesn't change!

Zane D.
Systems Admin

 

[volleyman]

got it, I was missing something in the router config. I added some lines using the following as a template and it started working:

username localuser password 0 localpassword
aaa new-model

aaa authentication login default group radius local
aaa authentication login if_needed local
aaa authorization exec default group radius if-authenticated

radius-server host 10.20.30.50 auth-port 1645 acct-port 1646 key 0 cisco
radius-server vsa send authentication

line con 0
login authentication if_needed

line vty 0 4
login authentication default


Zane D.
Systems Admin