Hi Guys
I am new to AAA server/configuration. For lab testing i am configuring SSH user to be authenticated via AAA server (RADIUS). On Nokia router (Alcatel routers) i have configured following:
config system security
password
authentication-order radius local
exit
radius
authorization
server 1 address 192.168.0.2 secret testkey
exit
Where AAA server IP is reachable from the Router.
On Radius Server, i have configured the RADIUS client with Router's System IP and secret matched between both. User account "TGTest" has been created on users file. User file contents:
users.timetra
TGTest Password = "Test123"
Auth-Type = System,
Service-Type = Login-User,
Idle-Timeout = 600,
Timetra-Access = console,
Timetra-Home-Directory = cf3:,
Timetra-Restrict-To-Home = true
Timetra-Default-Action = permit-all,
Timetra-Cmd = "tools;telnet;configure system security",
Timetra-Action = deny
On Radius server i can see that user auth request hits the server, but it didnt authenticate.
For testing i am using Nokia AAA (10.2), where Auth VSA is already installed/defined.
The error i am getting is that "5648 11:43:40.930 TGTest login failed due to Password check failure"
I am sure its not due to Authorization, as even without Authorization knob, same issue persist.
Do someone has any working (any radius) user file for such basic testing. or any guidelines, where i am mistaken.
/Fahad