FreeRadius PAP authentication for Non-EAPOL clients on Avaya 5500 switch.
Alan DeKok
aland at deployingradius.com
Sat Feb 28 14:48:57 CET 2015
On Feb 25, 2015, at 7:39 PM, jan hugo prins <jhp at jhprins.org> wrote:
> But I also need to accommodate telephones and printers and they don't do
> EAP themselves. To work around this, the switches we use have an option
> to configure the switch in such a way that it creates a radius access
> request based on the MAC address of the client, its own IP address and
> the port the client is connected to.
That’s a stupid idea. But I’m not surprised. Vendors are often bad at RADIUS.
> This sounds like a simple setup, just add some users with plaintext
> passwords and start the authentication process. But the problem is that
> this fails, and it looks like the switch is sending 2 exactly the same
> authentication requests shortly after one another, and the first one succeeds,
> but the second one fails.
No. The User-Names are different. Reading the debug log carefully is important.
Also, you should fix your LDAP infrastructure. The server is getting redirected to 3-4 different LDAP servers. That’s slow and inefficient.
> I also see this when I ping the host, I
> receive one reply and after that the port is closed again.
>
> Could someone tell me if I have something wrong in my config?
You need to add the second User-Name to the users file. The first one ends with “20”. The second with “22”.
Alan DeKok.
More information about the Freeradius-Users mailing list