Configuration issue at radiusd.conf?
mcn at freeradius.org
Fri May 14 22:42:48 CEST 2021
On 14/05/2021 17:17, Honglak Kim via Freeradius-Users wrote:
> (0) Sent Access-Accept Id 116 from 10.192.2.141:1812 to 10.0.254.3:43509 length 0
> (0) Juniper-Local-User-Name = "admin"
> (0) Arista-AVPair = "shell:priv-lvl=15"
> (0) Arista-AVPair = "shell:roles=network-admin"
> (0) PaloAlto-Admin-Role = "superuser"
> (0) PaloAlto-Panorama-Admin-Role = "superuser"
> (0) PaloAlto-User-Group = "all"
> (0) Finished request
That looks like you're trying to give console access to a switch/router.
The debug output seems correct, in that you're sending back an
Access-Accept. However you need to carefully read the switch
documentation. They are usually very picky about what attributes are
expected. If you send back the wrong ones, or slightly the wrong format,
it won't work and access will be denied.
Try checking the debug logs on your device, assuming it gives you some,
to see if it says anything.
Make sure you're not firewalling/filtering responses (e.g. ACLs on the
FreeRADIUS seems to be working correctly from what you have sent.
More information about the Freeradius-Users