As per the Extreme support https://extremeportal.force.com/ExtrArticleDetail?an=000056602&q=voss%20radi... Resolution The RADIUS process includes: RADIUS authentication, which you can use to identify remote users before you give them access to a central network site. RADIUS accounting, which enables data collection on the server during a remote user’s dial-in session with the client. Radius Server Attributes for ERS Stackables Radius Standard Outbound Attribute Service-Type (6) Outbound Value NAS-Prompt (7) for read only or Administrative (6) for rw Radius Server Attributes for VOSS Platforms, ERS 8800, VSP 9000 Vendor ID 1584 (Nortel/Avaya) Outbound Attribute Access-Priority (192) Outbound Value RWA (6) RW (5) l3 (4) l2 (3) l1 (2) ro (1) none (0) eg : "Free Radius" Script : VENDOR Nortel 1584 BEGIN-VENDOR Nortel ATTRIBUTE Access-Priority 192 integer VALUE Access-Priority none 0 VALUE Access-Priority ro 1 VALUE Access-Priority l1 2 VALUE Access-Priority l2 3 VALUE Access-Priority l3 4 VALUE Access-Priority rw 5 VALUE Access-Priority rwa 6 #CLI Commands ATTRIBUTE Cli-Commands 193 string #CLI profile ATTRIBUTE Command-Access 194 integer VALUE Command-Access False 0 VALUE Command-Access True 1 #CLI Commands ATTRIBUTE Commands 195 string #802 priority (value: 0-7) ATTRIBUTE EAP-Port-Priority 1 integer END-VENDOR Nortel I am not sure what else to configure on the switch or on the Freeradius. On Fri, Mar 3, 2023 at 2:20 AM marki <jm+freeradiususer@roth.lu> wrote:
This is a problem with the switch/NAS, not with freeradius.
Hello List,
I have been trying to authenticate using radius with Extreme VSP switch, the radius seems to accept the authentication, but the switch still fails
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 131.232.33.8 port 44016, id=243, length=68
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 131.232.33.8
NAS-Port = 1
NAS-Port-Type = Async
Service-Type = Administrative-User
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry test at line 2
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group PAP {
[pap] login attempt with password "test"
[pap] Using clear text password "test"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 243 to 131.232.33.8 port 44016
Service-Type = Administrative-User
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 243 with timestamp +73
Ready to process requests.
-------------
ssh test@131.232.33.8
Using security software from Mocana Corporation. Please visit https://www.mocana.com/ for more information
Copyright(c) 2010-2022 Extreme Networks.
All Rights Reserved.
Virtual Services Platform 7200
VSP Operating System Software Build 8.8.0.0
General Availability Released Software, Fully supported
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
EXTREME NETWORKS VOSS COMMAND LINE INTERFACE
test@131.232.33.8's password:
Permission denied, please try again.
test@131.232.33.8's password:
------
1 2023-03-02T17:00:37.225-07:00 LAB7K902 CP1 - 0x000d8602 - 00000000 GlobalRouter SSH INFO SSH session closed by server for user test on host 131.232.90.103, session_id = 2
1 2023-03-02T17:00:37.225-07:00 LAB7K902 CP1 - 0x000d8602 - 00000000 GlobalRouter SSH INFO SSH authentication time expired for user test on host 131.232.90.103, session_id = 2
1 2023-03-02T17:00:23.615-07:00 LAB7K902 CP1 - 0x0004060b - 00000000 GlobalRouter WEB INFO SSL session with client 131.232.90.103 closed.
1 2023-03-02T16:59:40.417-07:00 LAB7K902 CP1 - 0x000d8602 - 00000000 GlobalRouter SSH INFO SSH invalid username/password for user test on host 131.232.90.103, session_id = 2
1 2023-03-02T16:59:40.417-07:00 LAB7K902 CP1 - 0x000a45fc - 00000000 GlobalRouter RADIUS INFO Radius message:
1 2023-03-02T16:59:40.417-07:00 LAB7K902 CP1 - 0x000a45c0 - 00000000 GlobalRouter RADIUS INFO RADIUS authentication failed on server 131.232.33.170
1 2023-03-02T16:59:40.417-07:00 LAB7K902 CP1 - 0x000a45fc - 00000000 GlobalRouter RADIUS INFO Radius message:
Thank you, Shamsher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On March 3, 2023 1:07:27 AM GMT+01:00, shamsher singh <mr.shamshersingh@gmail.com> wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html