Mailing List Archive

Tacacs+ Authentication
Hi Guys,

Has anyone tried using tacacs+ as the AAA server for the LNS to provide
IP for dsl clients?

I have tested it successfully with the local database; now I wanted to
try it on our existing tacacs+ server.

Here's my config below. Hopefully someone can help me pinpoint the problem.


On LNS:

aaa authentication ppp default group tacacs+
aaa authorization network default group tacacs+
aaa accounting network default start-stop group tacacs+


On DSL client router:

interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname neilrey@mydomain.com
 ppp chap password 0 fundserv


On TACACS+:

user = neilrey {
    chap = cleartext "neilrey"
    service = ppp protocol = ip
    {
        addr = 192.168.1.1
    }
}




________________________________
Neilrey
RE: Tacacs+ Authentication
Neilrey Espino <> wrote on Wednesday, February 15, 2006 6:23 PM:

> Hi Guys,
>
> Has anyone tried using tacacs+ as the AAA server for the LNS to
> provide IP for dsl clients?
>
> I have tested it successfully with the local database; now I wanted to
> try it on our existing tacacs+ server.
>
> Here's my config below. Hopefully someone can help me pinpoint the
> problem.

> ppp chap hostname neilrey@mydomain.com
> ppp chap password 0 fundserv
>
>
> on TACACS+ :
>
> user = neilrey {
> chap = cleartext "neilrey"
> service = ppp protocol = ip
> {
> addr = 192.168.1.1
> }
> }

wrong chap password in the T+ profile?

oli

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
RE: Tacacs+ Authentication
Thanks Oliver. Sorry, it was a typo here in my email.

I think I found something; let me make a test first. I will email
shortly if it's successful.

Thanks,

neilrey



RE: Tacacs+ Authentication
Hi Guys,


On my LNS I have added "tacacs-server directed-request" since my dsl
client is using neilrey@mydomain.com.

So it looks like this now (hope this is right):

tacacs-server host 192.168.1.1
tacacs-server directed-request
tacacs-server key mykey


In the TACACS config file, do I need to specify @mydomain.com as well?

Thanks,

neilrey
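
Added example, not part of the thread or of any poster's configuration: a Python sketch of the RFC 1994 CHAP check an AAA backend performs, run with the username and the two secrets shown in the thread. The `PROFILES` table, the function names and the `strip_domain` flag are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the TACACS+ user file on the page: name -> CHAP cleartext.
PROFILES = {"neilrey": "neilrey"}


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of identifier octet, secret, challenge."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def lookup_name(ppp_name: str, strip_domain: bool) -> str:
    """Name used for the profile lookup; strip_domain models sending only the
    part before '@' (an assumption of this sketch, not captured NAS behaviour)."""
    return ppp_name.split("@", 1)[0] if strip_domain else ppp_name


def authenticate(ppp_name, ident, challenge, response, strip_domain):
    """Return (ok, reason) the way a CHAP-capable AAA backend would decide."""
    secret = PROFILES.get(lookup_name(ppp_name, strip_domain))
    if secret is None:
        return False, "no such user"
    expected = chap_response(ident, secret, challenge)
    # Constant-time compare so the check does not leak how many bytes matched.
    if hmac.compare_digest(expected, response):
        return True, "ok"
    return False, "chap secret mismatch"


def demo():
    challenge, ident = os.urandom(16), 1
    name = "neilrey@mydomain.com"                # 'ppp chap hostname' from the thread
    as_posted = chap_response(ident, "fundserv", challenge)  # 'ppp chap password'
    matching = chap_response(ident, "neilrey", challenge)    # equals the profile
    return [
        authenticate(name, ident, challenge, as_posted, strip_domain=True),
        authenticate(name, ident, challenge, matching, strip_domain=True),
        authenticate(name, ident, challenge, matching, strip_domain=False),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The server can only recompute the response if it holds the same cleartext secret as the client, and it can only find that secret if the name it looks up matches a profile entry.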


