Cisco problems, newbie
Alan Buxey
alan.buxey at gmail.com
Sat Apr 29 18:29:54 CEST 2017
read up on Cisco RADIUS integration first.
if you have configured the switch to use radius for authentication
then you have to do LOTS of extra config to ensure that if the RADIUS
server
does not authenticate the user then allow a local account to login
instead (commonly this might be done on aux or console inputs as you
really need to still acces the switch when RADIUS is not available
because network is down etc. .... anyway, if you run freeradius in
full debug mode you will clearly see what is happening on the radius
server - whether there are any mysterious other users in SQL etc etc -
its not some black box like IAS or ACS...
alan
On 29 April 2017 at 16:37, James via Freeradius-Users
<freeradius-users at lists.freeradius.org> wrote:
> I have a noradius user defined on my cisco switch that is not working properly, cannot login. I'm trying to debug someone else's freeradius setup and unfortunately cannot post config of debug info.So I have a couple of general questions.I have a single freeradius user defined (in users file) that is working properly from cisco perspective.A second user named noradius is defined locally on cisco (not defined in freeradius). Not working.Cisco is configured to check radius first and then locally defined users.When attempting to login as noradius I keep getting password prompts leading me to believe freeradius is not behaving properly, returning fail rather than error. Or some other issue.Questions.Are freeradius users only defined in the users file?If a user is not found in freeradius do I need config file entries to handle that or should the default behavior be sufficient to pass back response to the requestor to try the next auth method?What is SQL used for, i.e. could there be users hidden in sql I'm not seeing?Are there special cisco considerations for freeradius? I suspect not since it's handling my primary user properly.Thanks.-Jimp.s. if I disable radius on the switch I can login to noradius
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list