New to FreeRadius and can't manage to get it to work for me
aland at deployingradius.com
Wed Aug 22 18:33:49 CEST 2018
On Aug 22, 2018, at 11:56 AM, Moshe Sakajo <moshe_s at packetlight.com> wrote:
> Hi to you all I am sending this message again only this time with the full debug info.
> I am a QA Engineer and my concern is to make sure that the "boxes" that I test cooperate with the most popular RADIUS Server.
> According to other RADIUS Server that I have tested with before, I manage to authenticate a user that performs a login into our boxes.
It doesn't matter what the other RADIUS servers do.
And posting the same information again isn't useful.
> with all of that said I can also tell the radius.log show that the Login attempts are OK but I still
> get Access denied from my device, like something is still missing.
Your device is broken.
> Can you please tell me what might be missing ? Thanks for the support
> I assume that I am missing some kind of reply from the server side.
See the device documentation for which attributes it needs in the Access-Accept. Then, configure FreeRADIUS to send those attributes.
Or, look at the RADIUS packets coming out of the other RADIUS server. See which attributes it sends. Then, configure FreeRADIUS to send those attributes.
It shouldn't be difficult.
> At the same time I need the server to identify the right privileges (4/2/1)
> according to the user definitions
I have no idea what that means.
> Sending Access-Accept of id 5 to 10.0.1.211 port 49964
> Service-Type = Administrative-User
FreeRADIUS sends an Access-Accept. That means it's working properly.
If you want FreeRADUUS to send different attributes in the reply, then configure it send different attributes in the reply.
More information about the Freeradius-Users