I encountered the problem that there is an account in the database, but the authentication process feedback does not exist. Please help.
Matthew Newton
mcn at freeradius.org
Wed Dec 6 11:15:25 UTC 2023
On 06/12/2023 03:00, 娶你苟命 wrote:
> * I'm having trouble with freeradius and don't know if I should ask
> freeradius-users at lists.freeradius.org
This is the right place to ask.
> (0) Received Access-Request Id 228 from 192.168.1.243:38272 to
> 192.168.2.118:1812 length 215
> (0) User-Name = "netnoc"
...
> (0) H3C-Product-ID = "H3C S6812-48X6C"
PAP auth from H3C
> (0) pap: User authenticated successfully
...
> (0) Sent Access-Accept Id 228 from 192.168.2.118:1812 to
> 192.168.1.243:38272 length 0
Login OK
> (1) Received Access-Request Id 175 from 192.168.1.244:63378 to
> 192.168.2.118:1812 length 170
> (1) User-Name = "netnoc"
> (1) User-Password = "123456"
...
> (1) Huawei-Version = "Huawei VRP Software Version"
PAP auth from Huawei
> (1) pap: User authenticated successfully
...
> (1) Sent Access-Accept Id 175 from 192.168.2.118:1812 to
Login OK
There is nothing wrong with FreeRADIUS. It is returning Access-Accept
because the login is OK on both occasions.
> *What is puzzling is that the user "netnoc" exists on my mysql, but
> when using H3C network supplier products, it will prompt that the user does
> not exist. I have repeatedly confirmed that there is no problem with the
> switch configuration file. This problem will not exist when testing with
> Cisco ACS.*
You need to look at the switch and find out why it does not allow the
user on after receiving an Access-Accept. It might be expecting other
attributes in the reply (such as Service-Type), but only the switch log
output or documentation can tell you what is going wrong.
This page might help: https://knowledge.h3c.com/Theme/details/191858
That seems to imply you need to add at least these attributes to your
reply (e.g. using the "users" file, or add to the SQL database.)
Service-Type=Login-User
Session-Timeout=86400
Login-Service=Telnet
and possibly also one of
H3c-Exec-Privilege=1
H3c-User-Roles="shell:roles="network-admin""
--
Matthew
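
A check for the situation discussed in this message, added here as an example and not part of the original post or of FreeRADIUS: it reads debug output in the format quoted above and reports which of the suggested reply attributes each Access-Accept lacks. The sample log is constructed, and the code assumes reply attributes are printed on the lines directly after the "Sent Access-Accept" line.

```python
import re

# Reply attributes the message above suggests an H3C switch may expect.
EXPECTED = ("Service-Type", "Session-Timeout", "Login-Service")

SENT = re.compile(r"^\((\d+)\)\s+Sent (Access-\w+) Id \d+")
ATTR = re.compile(r"^\((\d+)\)\s+([A-Za-z0-9-]+)\s*=\s*(.+)$")

# Constructed sample (documentation addresses, made-up user), not a real capture.
SAMPLE = '''\
(0) Sent Access-Accept Id 10 from 192.0.2.1:1812 to 192.0.2.10:40000 length 0
(0) Finished request
(1) Received Access-Request Id 11 from 192.0.2.11:40001 to 192.0.2.1:1812 length 170
(1)   User-Name = "alice"
(1) Sent Access-Accept Id 11 from 192.0.2.1:1812 to 192.0.2.11:40001 length 0
(1)   Service-Type = Login-User
(1)   Session-Timeout = 86400
(1) Finished request
'''

def audit_accepts(debug_text, expected=EXPECTED):
    """Return one dict per Access-Accept: request number, reply attrs, missing attrs."""
    results, current = [], None
    for raw in debug_text.splitlines():
        line = raw.strip()
        sent = SENT.match(line)
        if sent:
            current = None
            if sent.group(2) == "Access-Accept":
                current = {"request": int(sent.group(1)), "attrs": {}}
                results.append(current)
            continue
        if current is None or not line:
            continue
        attr = ATTR.match(line)
        if attr is None:
            current = None  # first non-attribute line ends the reply list
        elif int(attr.group(1)) == current["request"]:
            current["attrs"][attr.group(2)] = attr.group(3).strip('"')
    for r in results:
        r["missing"] = [a for a in expected if a not in r["attrs"]]
    return results

if __name__ == "__main__":
    for r in audit_accepts(SAMPLE):
        print(f"request {r['request']}: missing {r['missing'] or 'nothing'}")
```

An Access-Accept that lists no reply attributes shows up with every expected attribute missing, which matches the case where the server accepts the login but the switch still refuses the user.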