Fwd: FreeRadius server rejecting Mikrotik Auth Request
Marcelito de Guzman
marzzz21 at gmail.com
Tue Jun 16 10:08:56 CEST 2020
I'm setting up a Mikrotik router to authenticate via my FreeRadius
server which is also connected to a Kerberos server.
I've set up Juniper/JunOS routers to it and it's working fine.
However, with Mikrotik, FreeRadius seems to reject the request. I'm
not entirely sure how to move forward and rectify this one.
user.conf:
>
> mihael Auth-Type := kerberos
> Service-Type = Administrative-User,
> Juniper-Local-User-Name := "super-users",
> Cisco-AVPair = "shell:priv-lvl=15",
> MikroTik-Group := “write”
clients.conf:
>
> client 10.129.2.5 {
> secret = mysecret
> shortname = Miktrotik-Device
> nastype = other
> }
tcpdump:
>
> 11:25:45.369063 IP mikrotik.net.55522 > freeradius.net.radius: RADIUS, Access Request (1), id: 0x22 length: 145
> 11:25:45.669482 IP mikrotik.net.55522 > freeradius.net.radius: RADIUS, Access Request (1), id: 0x22 length: 145
> 11:25:45.969903 IP mikrotik.net.55522 > freeradius.net.radius: RADIUS, Access Request (1), id: 0x22 length: 145
> 11:25:46.369565 IP freeradius.net.radius > mikrotik.net.55522: RADIUS, Access Reject (3), id: 0x22 length: 20
> 11:25:46.369776 IP mikrotik.net > freeradius.net.radius: ICMP czt1-sme2.rise.net.ph udp port 55522 unreachable, length 56
Attached is the logs for the request acquired via `radiusd -X`
Thanks,
mihael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debugfile
Type: application/octet-stream
Size: 17982 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200616/b7ecc96d/attachment.obj>
More information about the Freeradius-Users
mailing list