Freeradius authentication for VSP VOSS Switch

Fri Mar 24 14:17:56 UTC 2023

After configuring dictionary.bay as suggested by Igor, the Freeradius
server is not sending

RADIUS: radGenVendorValpairs: vendor_id = 1584

RADIUS: radGenValpairs: len = 6

I am not sure what needs to be configured in the users file to send these
attributes.

Shamsher

On Fri, Mar 24, 2023 at 5:53 AM Jonathan Davis <jonathan at prioritycolo.com>
wrote:

> Where are you getting stuck, or what part are you having trouble with ?
>
> > On Mar 24, 2023, at 12:12 AM, shamsher singh <mr.shamshersingh at gmail.com>
> wrote:
> >
> > The Radius Server needs to send the VSP switch Vendor Specific Attribute
> > (VSA) identified as Attribute 26
> >
> >
> >   - The Vendor Code value for the Vendor Specific Attribute is: 1584.
> >   - The Vendor Assigned Attribute Number for the Vendor Specific
> Attribute
> >   is 192.
> >   - The Attribute Format for the Vendor Specific Attribute is: decimal.
> >   - The Attribute Value for the Vendor Specific Attribute is 6.
> >
> >
> > I need to know how to define VSA in Freeradius, the way the windows
> radius
> > server defines it, please see the link it shows how its defined on the
> > windows radius
> >
> > https://extremeportal.force.com/ExtrArticleDetail?an=000057339
> >
> > Shamsher
> >
> >> On Thu, Mar 23, 2023 at 5:39 PM Igor Smitran <sigor at blic.net> wrote:
> >>
> >> Look at the freeradius dictionary files:
> >>
> >> dictionary.nortel (VENDOR id 562) or dictionary.bay (Vendor ID 1584 -
> >> Bay-Networks is now Nortel)
> >>
> >> I don't know what do you want to accomplish with attribute 26?
> >>
> >> In case you don't have needed attributes you can add them to files
> >> mentioned above.
> >>
> >>
> >> For example:
> >>
> >> to dictionary.bay (id 1584) add lines:
> >>
> >> ATTRIBUTE Access-Priority 192 integer
> >>
> >> ATTRIBUTE Cli-Commands 193 string
> >>
> >> ATTRIBUTE Command-Access 194 integer
> >>
> >> ATTRIBUTE Commands 195 string
> >>
> >> ATTRIBUTE EAP-Port-Priority 196 integer
> >>
> >>
> >> In your freeradius dictionary config file add include line for your bay
> >> dictionary:
> >>
> >> $INCLUDE /usr/share/freeradius/dictionary.bay
> >>
> >>
> >> Igor
> >>
> >>
> >>> On 23.3.23. 23:01, shamsher singh wrote:
> >>> How would I configure the following on the Freeradius, the following
> >> works
> >>> on the Windows server 2016 radius client.
> >>>
> >>> The following are the default RADIUS Vendor Specific Attribute values
> >>> supported by VOSS switches. The same attribute values need to be
> >> configured
> >>> on RADIUS server.
> >>>
> >>> The RADIUS server needs to be configured to send the Vendor Specific
> >>> Attribute (VSA), identified as Attribute 26, back to the VSP containing
> >> the
> >>> following values:
> >>>
> >>>    - The Vendor Code value for the Vendor Specific Attribute is: 1584.
> >>>    - The Vendor Assigned Attribute Number for the Vendor Specific
> >> Attribute
> >>>    is 192.
> >>>    - The Attribute Format for the Vendor Specific Attribute is:
> decimal.
> >>>    - The Attribute Value for the Vendor Specific Attribute is 6.
> >>>
> >>> Attribute 26 which is the Vendor-Specific attribute (VSA) within RADIUS
> >>> which encapsulates vendor specific attributes. Attribute 26 allows
> >> vendors
> >>> to support their own custom attributes.
> >>>
> >>> Shamsher
> >>>
> >>>> On Sat, Mar 4, 2023 at 6:02 AM Igor Smitran<sigor at blic.net>  wrote:
> >>>
> >>>> It looks like you are sending attribute that your switch doesn't
> >> recognize.
> >>>>
> >>>> Maybe you should send something like
> >>>>
> >>>> Access-Priority = 6
> >>>>
> >>>> instead of
> >>>>
> >>>> Service-Type = Administrative-User
> >>>>
> >>>> Maybe your switch rejects all access requests that contain
> unrecognized
> >>>> attributes.
> >>>>
> >>>> Also, you should include freeradius dictionary in freeradius in case
> you
> >>>> didn't.
> >>>>
> >>>>
> >>>> Igor
> >>>>
> >>>> On 4.3.23. 02:18, Alan DeKok wrote:
> >>>>> On Mar 3, 2023, at 7:48 PM, shamsher singh<
> mr.shamshersingh at gmail.com>
> >>>> wrote:
> >>>>>> As per the Extreme support
> >>>>>    Copying web pages to the mailing list won't help.
> >>>>>
> >>>>>> eg : "Free Radius" Script :
> >>>>>    That's a dictionary.  We know what it is.  We already have copies.
> >>>>>
> >>>>>> I am not sure what else to configure on the switch or on the
> >> Freeradius.
> >>>>>    It's a networking issue, or a shared secret issue.
> >>>>>
> >>>>>    FreeRADIUS sends an Access-Accept.  FreeRADIUS is working fine.
> >>>>>
> >>>>>    Something else in the network is broken.  We don't know what it
> is.
> >>>> But we do know that it's not FreeRADIUS.
> >>>>>    This is not a problem we can help with.
> >>>>>
> >>>>>    Alan DeKok.
> >>>>>
> >>>>> -
> >>>>> List info/subscribe/unsubscribe? Seehttp://
> >>>> www.freeradius.org/list/users.html
> >>>> -
> >>>> List info/subscribe/unsubscribe? See
> >>>> http://www.freeradius.org/list/users.html
> >>>>
> >>> -
> >>> List info/subscribe/unsubscribe? Seehttp://
> >> www.freeradius.org/list/users.html
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>