user authentication including ingress/egress policing

Matthew Newton mcn4 at leicester.ac.uk
Fri Apr 7 10:58:27 CEST 2017


On Fri, Apr 07, 2017 at 08:38:03AM +0200, Marijn van Gool wrote:
> marijn at server1:~$ freeradius -v
> freeradius: FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Aug 26 2015 at 14:47:03

That is really old, and no longer supported. You should look to
upgrade.

> I’m not sure about the ‘radiusd’ command. I don’t want to eat my
> keyboard so livingston is a no, but what about yardradius?

The standard daemon name for FreeRADIUS is 'radiusd'. On Debian
based systems (inc. Ubuntu) it's renamed to 'freeradius' instead.

On your system use 'freeradius' instead of 'radiusd'.

> Juniper itself says that I should use RADIUS VSA’s 26-10 and
> 26-11 or Ingress/Egress-Policy-Name. Other documents say I
> should use the unisphere dictionary using
> Unisphere-Ingress/Egress-Policy-Name.

Cross-referencing their dictionary, in FreeRADIUS you need to use
the attributes ERX-Ingress-Policy-Name and ERX-Egress-Policy-Name.

> However, this dictionary was not part of my configuration.

It is in 2.1.12.

https://github.com/FreeRADIUS/freeradius-server/blob/release_2_1_12/share/dictionary.erx

Not all RADIUS servers use the same format dictionary files. You
can't just drop theirs in place and expect it to work.


> Unfortunately it’s still not working. What am I missing here?

The debug output of 'freeradius -X' will tell you everything the
server is doing.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list