Configure Freeradius Server on a Synology NAS to Authenticate Cisco RV340 Users

Levin, Vladimir vladlevin at geo-logic.com
Wed Sep 4 10:01:52 CEST 2019



-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+vladlevin=geo-logic.com at lists.freeradius.org] On Behalf Of Fajar A. Nugraha
Sent: Tuesday, September 03, 2019 8:14 PM
To: FreeRadius users mailing list
Subject: ++++SPAM++++ Re: Re: Configure Freeradius Server on a Synology NAS to Authenticate Cisco RV340 Users

On Wed, Sep 4, 2019 at 8:24 AM Levin, Vladimir <vladlevin at geo-logic.com> wrote:
>
> 1. I was unable to find any vendor documentation that would explain how to make it work.  Both, Synology and Cisco, development level technical support couldn't help either and referred me to Freeradius or "other online sources".
> 2. I am not familiar with RADIUS server environment nor am I a programmer, so even after reading the documentation I am still not sure which file(s) to input the code into or what the correct code should be.
> 3. I am not looking for a lecture (though, if that's what gets you off, I am happy to provide the opportunity) nor for other people to do my work for me (I've spent many hours trying to get it to work with nothing to show for it), but was rather hoping that someone has already solved that problem and was willing to share the solution.
> 4. The group names are stored in the local user database of the Synology NAS; its RADIUS server, which is essentially Freeradius, is configured via GUI to use that database.
> 5. If I knew what additional information is needed, I'd be glad to provide it, if I can.


To summarize what you wrote:
- synology includes a radius software, which is supposed to be freeradius
- you have no details on how synology implements their radius
- you want to use its bundled radius to authenticate cisco

Is that correct?[]  Yes, that is absolutely correct.

If so, then it seems that the only supported use of synology's radius
is whatever they tell you it can do (e.g. authenticate NAS users). If
you're using it for something other than its supported use, then
you're basically on your own.

Having said that, you might be able to perform additional
configuration on it if:
- you have no problem with potentially breaking (or voiding warranty)
your synology nas[]  I don't have a problem with that.
- you have access to command line[]  I do.
- you are familiar with configuring software directly via command line[]  To a certain degree.
- you can read (and implement) the docs[]  I guess that remains to be seen.

As for "send radius attribute", if it were a normal freeradius
installation with mysql backend, and the attribute is specific to each
user, you probably need to add entries to radreply table, e.g.
https://wiki.freeradius.org/guide/SQL-HOWTO#populating-sql

However if you have only access to synology's GUI, and it does not
show similar option, and you don't have access to the underlying
database directly, then your best bet is to simply install a separate
freeradius server for cisco.

-- 
Fajar

>
> vl
> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-bounces+vladlevin=geo-logic.com at lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: Tuesday, September 03, 2019 1:49 PM
> To: FreeRadius users mailing list
> Subject: ++++SPAM++++ Re: Configure Freeradius Server on a Synology NAS to Authenticate Cisco RV340 Users
>
> On Sep 3, 2019, at 4:39 PM, Levin, Vladimir <vladlevin at geo-logic.com> wrote:
> > Could anyone provide instructions on how to configure Freeradius server on a Synology NAS to authenticate Cisco RV340 users?  Specifically, I need to configure the server to send radius attribute class 25 with user group name back to the client (RV340).
>
>   We don't have documentation for commercial vendors here.  Please read *their* documentation to see what they accept.
>
>   If you want to send a Class attribute back to the NAS, read "man unlang".  It contains complete descriptions of how to send attributes.  Plus, read sites-available/default.  There are lots of examples there.
>
>   i.e. *read* the documentation instead of asking other people to do your work for you.  If you can't be bothered to read the documentation and follow it, we can't be bothered, too.
>
>   And *where* is the group name stored?  FreeRADIUS isn't a database.  We don't store groups.  So it has to come from somewhere.
>
>   How can we help you if you ask vague questions, and don't give us enough information?
>
>   Alan DeKok.
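
Added example, not part of the original thread and not FreeRADIUS, Synology or Cisco code: a Python check that an Access-Accept is authentic (RFC 2865 Response Authenticator) and carries Class (attribute 25) with the expected group name, which is what the RV340 has to receive. The shared secret, Request Authenticator, identifier and the group name `admin` are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
ATTR_CLASS = 25     # RFC 2865 section 5.25, opaque octets

# Constructed sample values, not taken from the thread.
SECRET = b"testing123"
REQUEST_AUTH = bytes(range(16))


def build_access_accept(identifier, request_auth, secret, group):
    """Build a sample Access-Accept whose only attribute is Class = group."""
    value = group.encode()
    attrs = bytes([ATTR_CLASS, len(value) + 2]) + value
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def class_from_accept(packet, request_auth, secret):
    """Return the Class values of an authentic Access-Accept, else raise."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    attrs = packet[20:length]          # octets past `length` are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    classes, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == ATTR_CLASS:
            classes.append(attrs[pos + 2:pos + alen])
        pos += alen
    return classes


if __name__ == "__main__":
    pkt = build_access_accept(7, REQUEST_AUTH, SECRET, "admin")
    print(class_from_accept(pkt, REQUEST_AUTH, SECRET))
```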
