authenticate cisco nexus 5000 with freeradius

Alan DeKok aland at deployingradius.com
Tue Feb 27 13:11:17 UTC 2024


On Feb 27, 2024, at 4:37 AM, Majed Zouhairy <m_zouhairy at ckta.by> wrote:
> 
> Peace, according to
> https://community.cisco.com/t5/security-knowledge-base/nexus-integration-for-admin-access-with-free-radius/ta-p/3138329

  That's from 2013.  And assumes a particular set of requirements.

> the freeradius configuration is as such:

  It's not good to copy random things from the net and hope that they work.

  It's better to read the documentation and understand how it works.

> DEFAULT Group == cisco-rw, Auth-Type = System
> 
>        Service-Type = NAS-Prompt-User,
> 
>        cisco-avpair := "shell:roles*\"network-admin vdc-admin\"",
> 
> but it does not mention what section of freeradius to modify,

  If you understand how the server works (which is the recommended approach), then the place is obvious.

> I tried adding all the information to the user, but then FreeRADIUS wouldn't restart, which means Default group needs to be added to a different section.

  No.

  The server gives a very clear error.  If you read the error, you'll see what's wrong.

  You should read this:  http://wiki.freeradius.org/list-help

  It explains what information we need to help you.

  You should also try explaining what you want to do, i.e. describe your requirements, and maybe we can help you meet the requirements.  That's a much better approach than saying "I followed a 10-year-old blog post and it didn't work".

  Alan DeKok.


