NAS not accepting the Access-Accept?
Matt Ashfield
mda at unb.ca
Tue Apr 24 13:34:31 CEST 2007
Ok thanks! I am definitely seeing the NAS request Administrative-User in the
Access-Request packet. I guess I wasn't returning it! Thanks for your help.
Matt
-----Original Message-----
From: Alan DeKok [mailto:aland at deployingradius.com]
Sent: April 24, 2007 3:21 AM
To: mda at unb.ca; FreeRadius users mailing list
Subject: Re: NAS not accepting the Access-Accept?
Matt Ashfield wrote:
> Hi,
>
> I have a network switch that I'm trying to configure to allow Console port
> authentication via RADIUS.
>
> In the documentation of the switch it says:
> "To provide each user with appropriate levels of access to the switch, set
> the following username attributes on your RADIUS server:
> - R/W access -- Set the Service-Type field value to Administrative
> - Read-Only -- set the Service-Type field value to NAS-Prompt"
>
> So, in my users file, I have defined a user:
> "testuser" NAS-IP-Address == "172.16.8.30", Cleartext-Password :=
> "testing", Service-Type =="Administrative-User"
Which matches if there's a request for administrative user. You also
have to acknowledge that request in the response, otherwise the NAS will
not let the administrator in:
    "testuser" NAS-IP-Address == "172.16.8.30", Cleartext-Password := "testing", Service-Type == "Administrative-User"
            Service-Type := "Administrative-User"
> However, when I run a packet capture, I see that no Radius attributes are
> being passed back to the NAS device. Shouldn't I be seeing the
> Administrative-User attribute?
If you don't tell the server to send it back, no.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
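What the packet capture discussed in this thread should show, as an added example (not part of the original messages and not FreeRADIUS code): a Python sketch that builds an Access-Accept with and without a Service-Type reply attribute, then decodes it the way one would read the capture. The shared secret and Request Authenticator are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
SERVICE_TYPE = 6  # attribute type number, RFC 2865
SERVICE_TYPE_NAMES = {6: "Administrative-User", 7: "NAS-Prompt-User"}

def build_accept(ident, request_auth, secret, attrs):
    """Build an Access-Accept; attrs is a list of (type, value_bytes)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def parse_attrs(packet):
    """Return [(type, value)] from a RADIUS packet, rejecting bad lengths."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    if pos != length:
        raise ValueError("trailing bytes after last attribute")
    return attrs

def authenticator_ok(packet, request_auth, secret):
    """Check the Response Authenticator against the request and shared secret."""
    length = struct.unpack("!H", packet[2:4])[0]
    expect = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return hmac.compare_digest(expect, packet[4:20])

def granted_service_type(packet):
    """Name of the Service-Type in the reply, or None if the server sent none."""
    for atype, value in parse_attrs(packet):
        if atype == SERVICE_TYPE and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            return SERVICE_TYPE_NAMES.get(number, str(number))
    return None

# Constructed sample data: not taken from the thread.
SECRET = b"sample-shared-secret"
REQ_AUTH = bytes(range(16))
BARE = build_accept(1, REQ_AUTH, SECRET, [])  # reply with no attributes
WITH_ST = build_accept(1, REQ_AUTH, SECRET, [(SERVICE_TYPE, struct.pack("!I", 6))])
```

`granted_service_type(BARE)` returns `None`, which corresponds to the capture described in the question; `granted_service_type(WITH_ST)` returns `"Administrative-User"`, the reply the switch documentation asks for.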