Ruijie Community
Title: How to user Radius for aaa authentication enable [Print this page]
Author: sebastian.wenne Time: 2022-10-14 00:00
Title: How to user Radius for aaa authentication enable
Hi,
how to use a Radius (freeradius) server for "aaa authentication enable" on RG-S6510?
When configuring the Radius the communication works for "aaa authentication login" but not for "aaa authentication enable". I get a "Access-Accept" back from the Radius but the "enable" fails with a "% Error in authentication". Can't find any further details in the logs/debug settings. Everything looks fine but "enable" fails.
Any specific attribute I need to send back from Radius? For Huawei I needed "Huawei-Exec-Privilege = 15"
I read the command reference and config guide back and forth but could not find anything in regard to this problem.
Any hint is appreciated.
Thanks
Sebastian
Some logs
switch>enPassword:% Error in authentication.
*Oct 13 13:36:42: switch %RDS-7-EVENT: [ 2904][ rds_add_attribute][ 1205] rds_add_attribute type = 32 len = 0
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_add_authen][ 405] Add authentication success.
*Oct 13 13:36:42: switch %RDS-7-EVENT: [ 2904][ rds_get_vrf_id_by_ifx][ 96] get vrf id 1234 by interface index 8193
*Oct 13 13:36:42: switch %RDS-7-EVENT: [ 2904][ rds_make_pkt][ 1546] 14 send.
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_send_pkt][ 681] Send msg success.
*Oct 13 13:36:42: switch %RDS-7-EVENT: [ 2904][ rds_authen_req][ 643] radius access requests(14).
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_proc_protocol_pkt][ 1127] Receive packet from server 1.2.3.4
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_get_result_from_pkt][ 1047] Radius access-accept.
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_get_result_from_pkt][ 1058] auth round trip: (1126893, 1126893, 0).
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_get_result_from_pkt][ 1092] attr resolve begin..
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_get_result_from_pkt][ 1108] attr resolve end..
*Oct 13 13:36:42: switch %RDS-7-EVENT: [ 2904][ rds_get_vrf_id_by_ifx][ 96] get vrf id 1234 by interface index 8193
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_delete_user][ 382] Delete user.
*Oct 13 13:36:42: switch %RDS-7-USER: [ 2904][ 301989889, 14][ rds_release_user][ 352] Free user
*Oct 13 13:36:42: switch %RDS-7-EVENT: [ 2904][ rds_proc_in_msg_from_other_or_timer][ 1467] Thread[1] receive info message.
Author: GTAC-Patrick Time: 2022-10-14 15:09
Hi, sir
May I know your firmware version?
For this situation, you may contact our engineers on Rita for further check
Author: sebastian.wenne Time: 2022-10-17 14:32
Hi,
we're running 11.0(5)B9P62S6.
Thanks
Sebastian
Author: GTAC-Patrick Time: 2022-10-17 17:53
Hi, sir.
You can try this command on cli of this switch:
conf
username xxxx privilege 15 password xxxxx
line vty 0 4
privilege level 15
end
wr
Author: sebastian.wenne Time: 2022-10-21 18:01
Thanks for the answers.
What actually helped was using
Service-Type = "Administrative-User"
in the reply from Radius.
Author: GTAC-Patrick Time: 2022-10-21 20:10
[/ ...
Thanks for your information, sir
Author: alexander.mosie Time: 2024-8-29 20:29
Hi!
I need to send a specific privilege level in Radius Reply. Could you give me a clue, what Radius Attribute I should use?
Author: guominxiang@rui Time: 2024-8-29 20:56
Dear,
May you share with me your device model first please? thank you for your cooperation
Best regards,
Micca
Author: alexander.mosie Time: 2024-8-29 21:51
Thank you for reply.
This is Ruijie RG-S6120.
Author: alexander.mosie Time: 2024-9-4 20:19
No ideas?
| Welcome to Ruijie Community (https://community.ruijienetworks.com/) |
Powered by Discuz! X3.2 |