NAS not accepting the Access-Accept?
Matt Ashfield
mda at unb.ca
Mon Apr 23 20:18:23 CEST 2007
Hi,
I have a network switch that I'm trying to configure to allow Console port
authentication via RADIUS.
In the documentation of the switch it says:
"To provide each user with appropriate levels of access to the switch, set
the following username attributes on your RADIUS server:
- R/W access -- Set the Service-Type field value to Administrative
- Read-Only -- set the Service-Type field value to NAS-Prompt"
So, in my users file, I have defined a user:
"testuser" NAS-IP-Address == "172.16.8.30", Cleartext-Password := "testing", Service-Type == "Administrative-User"
When I run in debug mode, I get the following in my log, which implies to me
that the user is successfully authorized and the Access-Accept message is
being sent back.
Mon Apr 23 14:38:15 2007 : Debug: rlm_pap: login attempt with password testing
Mon Apr 23 14:38:15 2007 : Debug: rlm_pap: Using clear text password "testing".
Mon Apr 23 14:38:15 2007 : Debug: rlm_pap: User authenticated succesfully
Mon Apr 23 14:38:15 2007 : Debug: modsingle[authenticate]: returned from pap (rlm_pap) for request 0
Mon Apr 23 14:38:15 2007 : Debug: modcall[authenticate]: module "pap" returns ok for request 0
Mon Apr 23 14:38:15 2007 : Debug: modcall: leaving group PAP (returns ok) for request 0
Sending Access-Accept of id 16 to 172.16.8.30 port 2048
However, when I run a packet capture, I see that no RADIUS attributes are
being passed back to the NAS device. Shouldn't I be seeing the
Administrative-User attribute?
Thanks
Matt
mda at unb.ca
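
Added example, not part of the original message: a small RFC 2865 decoder for checking, from the UDP payload of a captured reply, whether an Access-Accept carries a Service-Type attribute at all. The two sample packets are constructed (id 16 as in the log above, authenticator zeroed), and the function names are hypothetical.

```python
import struct

# RFC 2865 packet codes and the Service-Type (attribute 6) values the switch
# documentation refers to, using the FreeRADIUS dictionary names.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
SERVICE_TYPE = 6
SERVICE_TYPES = {6: "Administrative-User", 7: "NAS-Prompt-User"}
HEADER_LEN = 20  # code(1) + id(1) + length(2) + authenticator(16)


def parse_radius(packet: bytes):
    """Return (code_name, identifier, [(attr_type, value_bytes), ...])."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], HEADER_LEN
    while pos < length:                      # bytes past 'length' are padding
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return CODES.get(code, str(code)), ident, attrs


def service_type(packet: bytes):
    """Name of the Service-Type in the packet, or None if it carries none."""
    for a_type, value in parse_radius(packet)[2]:
        if a_type == SERVICE_TYPE and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            return SERVICE_TYPES.get(number, str(number))
    return None


# Constructed sample packets: an Access-Accept with no attributes (length 20)
# and one carrying Service-Type = Administrative-User (length 26).
EMPTY_ACCEPT = struct.pack("!BBH", 2, 16, 20) + bytes(16)
ADMIN_ACCEPT = (struct.pack("!BBH", 2, 16, 26) + bytes(16)
                + struct.pack("!BBI", SERVICE_TYPE, 6, 6))

if __name__ == "__main__":
    for name, pkt in (("empty", EMPTY_ACCEPT), ("admin", ADMIN_ACCEPT)):
        print(name, parse_radius(pkt)[0], service_type(pkt))
```

An Access-Accept whose length field is exactly 20 is a bare header with no reply attributes, which matches the capture described above.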