I encountered the problem that there is an account in the database, but the authentication process feedback does not exist. Please help.

Matthew Newton mcn at freeradius.org
Wed Dec 6 11:15:25 UTC 2023

On 06/12/2023 03:00, 娶你苟命 wrote:
> *   I'm having trouble with freeradius and don't know if I should ask
> freeradius-users at lists.freeradius.org

This is the right place to ask.

> (0) Received Access-Request Id 228 from to
> length 215
> (0)   User-Name = "netnoc"
...> (0)   H3C-Product-ID = "H3C S6812-48X6C"

PAP auth from H3C

> (0) pap: User authenticated successfully
> (0) Sent Access-Accept Id 228 from to
> length 0

Login OK

> (1) Received Access-Request Id 175 from to
> length 170
> (1)   User-Name = "netnoc"
> (1)   User-Password = "123456"
> (1)   Huawei-Version = "Huawei VRP Software Version"

PAP auth from Huawei

> (1) pap: User authenticated successfully
> (1) Sent Access-Accept Id 175 from to

Login OK

There nothing wrong with FreeRADIUS. It is returning Access-Accept 
because the login is OK on both occasions.

>      *What is puzzling is that the user "netnoc" exists on my mysql, but
> when using H3C network supplier products, it will prompt that the user does
> not exist. I have repeatedly confirmed that there is no problem with the
> switch configuration file. This problem will not exist when testing with
> Cisco ACS.*

You need to look at the switch and find out why it does not allow the 
user on after receiving an Access-Accept. It might be expecting other 
attributes in the reply (such as Service-Type), but only the switch log 
output or documentation can tell you what is going wrong.

This page might help: https://knowledge.h3c.com/Theme/details/191858

That seems to imply you need to add at least these attributes to your 
reply (e.g. using the "users" file, or add to the SQL database.)


and possibly also one of




More information about the Freeradius-Users mailing list