Help needed configuring MAB on FreeRADIUS and Cisco switch

Kaya Saman kayasaman at
Tue Jul 17 10:54:57 CEST 2012

Hi Alan,

sorry for the mishaps yesterday......

On Mon, Jul 16, 2012 at 4:20 PM, alan buxey <A.L.M.Buxey at> wrote:
>> By placing the entry you suggested at the top of the /etc/raddb/users
>> file and restarting the server I got this:
> well, no you didnt...or rather, if you did stick that in the users file
> then its certainly not the users file that the server is reading. you are editing
> the live server config and not some extracted archive file?

Let's just try to focus on this issue and get a basic system up and
running before continuing on - as that is inevitably what you were
trying to do :-)

Ok so first let's get back to real basics and check where we are in
the file system:

# cd /etc/raddb

# ls
acct_users                 clients.conf  policy.conf      sql
attrs                      dictionary    policy.txt       sql.conf
attrs.access_challenge     eap.conf      preproxy_users   sqlippool.conf
attrs.access_reject    proxy.conf       templates.conf
attrs.accounting_response  hints         radiusd.conf     users
attrs.pre-proxy            huntgroups    sites-available
certs                      modules       sites-enabled

# cat users | more
 0015c5537baa Cleartext-Password := "0015c5537baa"
          Tunnel-Type:0 = VLAN,
          Tunnel-Medium-Type:0 = IEEE-802,
          Tunnel-Private-Group-Id:0 = "3",
          Tunnel-Preference = 0x000000

#	Please read the documentation file ../doc/processing_users_file,
#	or 'man 5 users' (after installing the server) for more information.
#	This file contains authentication security and configuration
#	information for each user.  Accounting requests are NOT processed
#	through this file.  Instead, see 'acct_users', in this directory.
#	The first field is the user's name and can be up to
#	253 characters in length.  This is followed (on the same line) with
#	the list of authentication requirements for that user.  This can
#	include password, comm server name, comm server port number, protocol
#	type (perhaps set by the "hints" file), and huntgroup name (set by

I have additionally attached the full file just incase!

Let's see in the file system if there are any other files called users
which maybe the 'source' of the Radius service:

# find / -name users

Will disabling SElinux help, could that be blocking things as it
usually does with TFTP???


-------------- next part --------------
A non-text attachment was scrubbed...
Name: users
Type: application/octet-stream
Size: 6732 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list