freeRADIUS for switch authentication

Gab Quidilla gbquidilla21 at gmail.com
Mon Jul 8 08:38:43 CEST 2013


Good day, I've had a freeradius + daloradius + mysql setup to be used for
the authentication of our Allied Telesis switches at our different branches.

I configured the switch to use radius authentication at Login, could
someone check whether the output if radius works on the switch? As there is
no access-accept message I received on radiusd -X

Password is MD5 encrypted, if that helps.

Thanks!


-----


Ready to process requests.
rad_recv: Accounting-Request packet from host 10.141.1.129 port 49154,
id=0, length=84
        User-Name = "netops"
        NAS-IP-Address = 10.141.1.129
        Called-Station-Id = "10.141.1.129"
        Calling-Station-Id = "10.96.100.72"
        Acct-Status-Type = Start
        Acct-Session-Id = "0500001F"
        Acct-Authentic = Local
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique
ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 10.141.1.129,NAS-IP-Address =
10.141.1.129,Acct-Session-Id = "0500001F",User-Name = "netops"'
[acct_unique] Acct-Unique-Session-ID = "b320652fa80c290b".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "netops", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.141.1.129
[detail]        expand:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/radius/radacct/10.141.1.129/detail-20130708
[detail]
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/radius/radacct/10.141.1.129/detail-20130708
[detail]        expand: %t -> Mon Jul  8 14:12:31 2013
++[detail] returns ok
++[unix] returns noop
[radutmp]       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> netops
  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
  rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
[sql]   expand: %{User-Name} -> netops
[sql] sql_set_user escaped user --> 'netops'
[sql]   expand: %{Acct-Delay-Time} ->
[sql]   ... expanding second conditional
[sql]   expand:            INSERT INTO radacct
(acctsessionid,    acctuniqueid,     username,
realm,            nasipaddress,     nasportid,
nasporttype,      acctstarttime,    acctstoptime,
acctsessiontime,  acctauthentic,    connectinfo_start,
connectinfo_stop, acctinputoctets,  acctoutputoctets,
calledstationid,  callingstationid, acctterminatecause,
servicetype,      framedprotocol,   framedipaddress,
acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)
VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}',
'%{Connect-Info}',              '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> netops
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 0 to 10.141.1.129 port 49154
Finished request 0.
Cleaning up request 0 ID 0 with timestamp +72
Going to the next request
Ready to process requests.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130708/bfa87bad/attachment.html>


More information about the Freeradius-Users mailing list