Fwd: FreeRadius server rejecting Mikrotik Auth Request

Marcelito de Guzman marzzz21 at gmail.com
Tue Jun 16 09:47:15 CEST 2020


I'm setting up a Mikrotik router to authenticate via my FreeRadius server
which is also connected to a Kerberos server.

I've set up Juniper/JunOS routers to it and it's working fine.

However, with Mikrotik, FreeRadius seems to reject the request. I'm not
entirely sure how to move forward and rectify this one.

*user.conf:*

mihael Auth-Type := kerberos
> Service-Type = Administrative-User,
> Juniper-Local-User-Name := "super-users",
> Cisco-AVPair = "shell:priv-lvl=15",
> MikroTik-Group := “write”


*clients.conf:*

 client 10.129.2.5 {
> secret = mysecret
> shortname = Miktrotik-Device
> nastype = other
> }




*tcpdump:*
>
> 11:25:45.369063 IP mikrotik.net.55522 > freeradius.net.radius: RADIUS,
> Access Request (1), id: 0x22 length: 145
> 11:25:45.669482 IP mikrotik.net.55522 > freeradius.net.radius: RADIUS,
> Access Request (1), id: 0x22 length: 145
> 11:25:45.969903 IP mikrotik.net.55522 > freeradius.net.radius: RADIUS,
> Access Request (1), id: 0x22 length: 145
> 11:25:46.369565 IP freeradius.net.radius > mikrotik.net.55522: RADIUS,
> Access Reject (3), id: 0x22 length: 20
> 11:25:46.369776 IP mikrotik.net > freeradius.net.radius: ICMP
> czt1-sme2.rise.net.ph udp port 55522 unreachable, length 56


Attached is the logs for the request acquired via `radiusd -X`


Thanks,
mihael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debugfile
Type: application/octet-stream
Size: 17982 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200616/e31ca572/attachment-0001.obj>


More information about the Freeradius-Users mailing list