Service-Type Error

Darren Shaw D.Shaw at hud.ac.uk
Tue Nov 1 13:55:48 CET 2011 

Hello,

The FreeRadius server is a VM machine and the ESX host failed, everything came back and is now working apart from the following

The Radius Service, when the service starts this is the error we receive

/usr/local/etc/raddb/sites-enabled/default[219]: ERROR: Unknown value Administrative-User, for attribute Service-Type
/usr/local/etc/raddb/sites-enabled/default[214]: Failed to parse "update" subsection.
/usr/local/etc/raddb/sites-enabled/default[210]: Failed to parse "if" subsection.
/usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.

This error prevents the Network team from logging into their devices, their username is authenticated but they receive the following on the SSH session to the switch/router.

ACCEPT: Authorizing enable access and then nothing.

I have checked the following Dictionary.rfc2865 and this states that the administrative-user has a value of 6, which according to Cisco is correct.

We use the Radius Server for all our Wireless Authentication and this is working without any known issues, please find the section of the Radius configuration file from '/usr/local/etc/raddb/sites-available/default'. By commenting out the 'Service-Type' line Raduis will start, otherwise we get a syntax error.

        if(!control:Auth-Type && (request:NAS-Port-Type == Virtual || request:NAS-Port-Type == Async) && (NAS-Identifier == hudds_switches || NAS-Identifier == bar_switches || NAS-Identifier == old_switches || "%{client:clientgroup}" == "networks")){
           update control {
              Proxy-To-Realm := LOCAL
           }
           if(ldap_staff-Ldap-Group == CMSX_NETW){
              update control {
                 Auth-Type = "ntlm_auth"
              }
                 update reply {
                         Reply-Message = "ACCEPT: Authorizing enable access",
                         Cisco-AVPair = "shell:roles*\"network-admin\"",
                         Cisco-AVPair += "shell:priv-lvl+15",
#*******                 Service-Type = Administrative-User,  *****#
                         Fall-Through = No
              }
           }
        }


Help is greatly appreciated.



Rgds
Darren Shaw
The Network Team
Computing Services
University of Huddersfield
Queensgate
Huddersfield
HD1 3DH

TEL: 01484 471317
MOBILE: 07792 773807




  ________________________________

---
This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111101/46ca742a/attachment.html>

More information about the Freeradius-Users mailing list