Configure Freeradius Server on a Synology NAS to Authenticate Cisco RV340 Users

Levin, Vladimir vladlevin at geo-logic.com
Wed Sep 4 11:26:19 CEST 2019 

1. According to Cisco tech support (and as I wrote in my original post) I need FreeRADIUS server to send RADIUS attribute class 25 with the user group name to the client (RV340).  The  http://freeradius.1045715.n5.nabble.com/Reply-with-group-attribute-td2781054.html  thread seems to be dealing with similar issue, though it's over 10 years old.  In his 2nd, 4:30 am, post Markus Wernig is asking the same question as I am, but I am not sure I fully understand what exactly he ended up doing.
2. See above.  Also, I have read the documentation, but it's still unclear to me how I should proceed.
3. There was only 1 non-rhetorical question in your previous post and I did answer it to the best of my knowledge and understanding.  Also, I couldn't find any Class attribute examples you are referring to.
4. I think it's MySQL database; I don't know how FreeRADIUS queries it.  
5. Once again, I'm not a developer, but an end user of a Synology NAS and I don't have information about its inner workings.  According to Synology development team, what I'm trying to achieve "is not a default option they support" and my only alternative is to try to modify the settings myself.  Obviously this isn't my area of expertise and I'm clearly out of my depth here, so any help I can get is very appreciated.

vl
-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+vladlevin=geo-logic.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, September 03, 2019 7:42 PM
To: FreeRadius users mailing list
Subject: ++++SPAM++++ Re: Configure Freeradius Server on a Synology NAS to Authenticate Cisco RV340 Users

On Sep 3, 2019, at 9:22 PM, Levin, Vladimir <vladlevin at geo-logic.com> wrote:
> 
> 1. I was unable to find any vendor documention that would explain how to make it work.  Both, Synology and Cisco, development level technical support couldn't help either and referred me to Freeradius or "other online sources".

  My point was that we can answer questions about FreeRADIUS.  We *can't* answer questions about what attributes are needed by a particular NAS.  Or, what values should be used for those attributes.  Only the vendor documentation has that information.

  Once you know which attributes need to be returned, and what values they have, it's easy to configure FreeRADIUS.  And we can definitely help there.

> 2. I am not familiar with RADIUS server environment nor am I a programmer, so even after reading the documentation I am still not sure which file(s) to input the code into or what the correct code should be.

  "correct code" to do... what? 

  Saying "I'm not familiar with RADIUS" is a *terrible* answer.  We know.  You MUST be willing to *learn* about it.

> 3. I am not looking for a lecture (though, if that's what gets you off, I am happy to provide the opportunity) nor for other people to do my work for me (I've spent many hours trying to get it to work with nothing to show for it), but was rather hoping that someone has already solved that problem and was willing to share the solution.  

  I was hoping you would answer my question instead of complaining or making personal insults.

  The point was if you want to return an attribute, there is TONS of documentation telling you what to do.  Just look for "Class" in the default configuration, and you will see examples of comparing the Class attribute to something, or setting its value.

  And no, no one has solved your particular problem before.  It's unusual, hence my reply of "what do you mean?"  If it was a common problem, then it would have been documented.

  Yes, it's 2019.  Complaints about the FreeRADIUS documentation are no longer relevant.  While the documentation isn't perfect, it clearly describes the syntax of the configuration files.  The default virtual servers are heavily commented and documented.

  All that is necessary is that you *read* it, and ask *specific questions* when you don't understand something.

  It's just not useful to say "I've spent many hours trying to get it to work with nothing to show for it".  That's a complaint of "I did stuff and it didn't work.  But I'm not going to tell you what I did!"

  How do you expect us to be able to help you, then?

> 4. The group names are stored in the local user database of the Synology NAS; its RADIUS server, which is essentially Freeradius, is configured via GUI to use that database.

  That means nothing.  WHAT kind of database is it?  HOW does FreeRADIUS query it?

> 5. If I knew what additional information is needed, I'd be glad to provide it, if I can.

  Give sufficient technical information so that people can help you. 

  Your description is vague.  "Database" isn't helpful.  "MySQL" is helpful.  "MySQL and here's a copy of the schema" is helpful.

  You're asking us how to configure "stuff".  And when I point out that description isn't good enough, you don't respond with a clearer description.  That's not productive.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list