[NTLUG:Discuss] OT: portmaster / radius configuration

Jack Snodgrass idiotboy at cybermail.net
Tue Oct 23 13:43:20 CDT 2001


bad example. No ... I didn't use 'localhost'. I used the IP Address
of my linux box.

I know that the Cisco Ras 6430 gets the user, sends a userid
password check that is sent to the Radius server ( running on
a linux box ) and the Radius server sends back an 'okie-dokie'.
In the case for user jack, it also should send back the telnet
info and the Cisco Ras server should make that connection
happen. That's the part where it doesn't seem to be working.

Once I end up at the Cisco RAS> prompt, I can telnet to
the server I want to telnet to.... or I can telnet to
any other server. Probably need to set up the security
on the RAS box so that I can't do that.

I really want this telnet ( or Rlogin ) to happen automatically.

Is there some security stuff I have to set up on the Cisco side
to do the telnet automatically?

jack



----- Original Message -----
From: "Eric Schnoebelen" <eric at cirr.com>
To: <discuss at ntlug.org>
Sent: Tuesday, October 23, 2001 9:55 AM
Subject: Re: [NTLUG:Discuss] OT: portmaster / radius configuration


>
> "Jack Snodgrass" writes:
> - Anyone know of a local ( free advice ) Portmaster/Radius expert.
>
> I might qualify.. I've been running Radius on
> Portmaster/Ascend equipment for five or six years now..
>
> - I want to set up a telnet/shell user and can't get it to work. I've got
> - jack    Auth-Type = Local, Password = "test"
> -         Service-Type = Login-User,
> -         Login-IP-Host = localhost,
> -         Login-Service = Telnet,
> -         Login-TCP-Port = 23
> -
> - set up in the /etc/raddb/users file for radius ( I've tried two different
> - radius servers and I've changed the userid/password so I know I'm
> - changing the correct config file )
>
> Did you really list `localhost' as the Login-IP-Host?
>
> - Whenever I login with my userid and password, I get a prompt
> - on the local RAS server. I don't automatically get the telnet connection
> - started to the server I have listed.
> -
> - Anyone know how this stuff is supposed to work?
>
> If you really listed `localhost' for Login-IP-Host, it's
> doing exactly as requested.  You told the access server to give
> the user a shell on the machine referred to as `localhost'.  You
> really want to make Login-IP-Host to be `<shell-server>'.
>
> Don't forget that using telnet as the Login-Service, the
> user is going to get a second set of login/password prompts as
> well.
>
>
> --
> Eric Schnoebelen eric at cirr.com http://www.cirr.com
> Due to circumstances beyond your control, you are master of
> your fate and captain of your soul.
>
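
Added example, not part of the original messages: a small Python check for users-file entries like the one quoted above, flagging a Login-IP-Host that is loopback (the case Eric describes) and a Login-Service that carries the login in cleartext. The function names, the user jill and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress

# Constructed sample: the thread's entry, plus one using an RFC 5737 address.
SAMPLE_USERS = '''\
jack    Auth-Type = Local, Password = "test"
        Service-Type = Login-User,
        Login-IP-Host = localhost,
        Login-Service = Telnet,
        Login-TCP-Port = 23

jill    Auth-Type = Local, Password = "test2"
        Service-Type = Login-User, Login-IP-Host = 192.0.2.10,
        Login-Service = Rlogin
'''

def parse_items(text):
    """Split 'A = b, C = "d",' into {'A': 'b', 'C': 'd'}."""
    pairs = (p.split("=", 1) for p in text.split(",") if "=" in p)
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def parse_users(text):
    """Return {user: (check_items, reply_items)} from users-file text."""
    users, current = {}, None
    for line in text.splitlines():
        if line[:1] not in ("", " ", "\t", "#"):   # column 0: user + check items
            current, *rest = line.split(None, 1)
            users[current] = (parse_items(" ".join(rest)), {})
        elif current and not line.lstrip().startswith("#"):
            users[current][1].update(parse_items(line))  # indented: reply items
    return users

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; other names are not resolved."""
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def lint(users):
    """Flag Login-User replies that target loopback or a cleartext login service."""
    findings = []
    for name, (_check, reply) in users.items():
        if reply.get("Service-Type") != "Login-User":
            continue
        if is_loopback(reply.get("Login-IP-Host", "")):
            findings.append((name, "Login-IP-Host is loopback"))
        if reply.get("Login-Service") in ("Telnet", "Rlogin"):
            findings.append((name, "cleartext Login-Service"))
    return findings
```

Calling `lint(parse_users(SAMPLE_USERS))` returns a list of (user, finding) pairs; hostnames other than `localhost` are not resolved, so a name that maps to 127.0.0.1 in DNS or /etc/hosts is not caught.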



