freeradius2 and juniper router

srg srgqwerty at gmail.com
Sun Aug 29 09:53:11 CEST 2010 

First try adding 127.0.0.1 in your clients.conf file and try using
radtest in the freeradius machine in order to see if the username/pass
"tester" works and you can authenticate and receive the atrributes
(Juniper-Local-User-Name).

Then launch freeradius with the -X option (it will enable debug messages
in your standard output) and try to access to your juniper device
meanwhile radiusd is running with the -X option. Sure that an important
info will be displayed in the log messages.

Hope this helps

Regards

Hi all:

I got the freeradius server installed, configured but it is not working.
Basically it just doesn't respond.

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

for "clients.conf":

client  192.168.10.8 {
        secret            = easy-test
        shortname         = lab-net
}

for file "users":

tester     Auth-Type := Local
           User-Passowrd = "password"
           Juniper-Local-User-Name = "admin"

for file /usr/local/share/freeradius/dictionary.juniper:

#

VENDOR          Juniper                         2636

BEGIN-VENDOR    Juniper

ATTRIBUTE       Juniper-Local-User-Name                 1       string
admin

END-VENDOR      Juniper


on juniper router:

radius-server {
    192.168.10.10 secret "$9$g04ZjHkPTQnik.5TzAt"; ## SECRET-DATA
}

somehow juniper router just ignore the calls from the freeradius server:

tcpdump: listening on bge0, link-type EN10MB (Ethernet), capture size 96
bytes
21:02:56.043367 IP (tos 0x0, ttl 64, id 36292, offset 0, flags [none],
proto UDP (17), length 85)
    192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57
        Access Request (1), id: 0x3e, Authenticator:
16af4d9f0f21ace37e0a2d7b3c21d4c7
          Username Attribute (1), length: 5, Value: glu
            0x0000:  676c 75
          Password Attribute (2), length: 18, Value: 
            0x0000:  8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b
          NAS ID Attribute (32), length: 8, Value: lab-r8
            0x0000:  6c61 622d 7238
          NAS IP Address Attribute (4), length: 6, Value:  [|radius]
            0x0000:  0a
21:02:59.045142 IP (tos 0x0, ttl 64, id 36294, offset 0, flags [none],
proto UDP (17), length 85)
    192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57
        Access Request (1), id: 0x3e, Authenticator:
16af4d9f0f21ace37e0a2d7b3c21d4c7
          Username Attribute (1), length: 5, Value: glu
            0x0000:  676c 75
          Password Attribute (2), length: 18, Value: 
            0x0000:  8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b
          NAS ID Attribute (32), length: 8, Value: lab-r8
            0x0000:  6c61 622d 7238
          NAS IP Address Attribute (4), length: 6, Value:  [|radius]
            0x0000:  0a
21:03:02.045798 IP (tos 0x0, ttl 64, id 36299, offset 0, flags [none],
proto UDP (17), length 85)
    192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57
        Access Request (1), id: 0x3e, Authenticator:
16af4d9f0f21ace37e0a2d7b3c21d4c7
          Username Attribute (1), length: 5, Value: glu
            0x0000:  676c 75
          Password Attribute (2), length: 18, Value: 
            0x0000:  8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b
          NAS ID Attribute (32), length: 8, Value: lab-r8
            0x0000:  6c61 622d 7238
          NAS IP Address Attribute (4), length: 6, Value:  [|radius]
            0x0000:  0a
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


>From what i found on internet, freeradius2 suppose to support juniper
routers.

any ideas?




      

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list