migrating client from 2.0 to 3.0
Alan DeKok
aland at deployingradius.com
Fri Jan 13 00:11:32 UTC 2023
On Jan 12, 2023, at 6:18 PM, Matt Zagrabelny via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> However if I attempt to auth directly from the UPS to the 3.0 system, it
> does not work - call this scenario B:
Hmm... the typical reason is that the shared secret is wrong. But if that's correct, there isn't much else that can go wrong.
If you're running v2 and v3 on the same machine, and the Access-Accept packets are the same, then it really should work.
> I'm not sure if there is more to look at between the 2.0 and 3.0 systems.
> It is difficult to do any debugging on the UPS, so I was hoping to figure
> out the issue on the FR systems.
>
> I've performed a diff of the scenario A and B 3.0 debug outputs and I don't
> see anything significant in the difference.
Yeah, that's a problem. Even the debug output doesn't matter as much as the Access-Accept. i.e. the the Access-Accepts have the same contents, then it should work.
> I have removed the Service-Type from the configurations and I still get a
> success authentication, I am just entered into a non-administrative role on
> the UPS.
So the UPS is recognizing the Access-Accept, but not the Service-Type. That is just weird.
> Does anyone have any ideas for further debugging?
I really don't have much to offer here. I don't recall ever seeing this before.
It has to be a networking issue. I can't think of anything else.
Alan DeKok.
More information about the Freeradius-Users
mailing list