Login Register
 Forgot password?
 Register now

Welcome to use this form to feedback your problems with Ruijie Community

The category of your feedback

Your Feedback

Your Email address (optional):

Switch Community
Filter
How to user Radius for aaa authentication enable Reply

Sebastian Wenner

Level 1

Back+ Ask a related question
How to user Radius for aaa authentication enable
3131 9 2022-10-14 00:00:23
Original
Hi,

how to use a Radius (freeradius) server for "aaa authentication enable" on RG-S6510?
When configuring the Radius the communication works for "aaa authentication login" but not for "aaa authentication enable". I get a "Access-Accept" back from the Radius but the "enable" fails with a "% Error in authentication". Can't find any further details in the logs/debug settings. Everything looks fine but "enable" fails.
Any specific attribute I need to send back from Radius? For Huawei I needed "Huawei-Exec-Privilege = 15"
I read the command reference and config guide back and forth but could not find anything in regard to this problem.
Any hint is appreciated.
Thanks
Sebastian

Some logs
switch>enPassword:% Error in authentication.
*Oct 13 13:36:42: switch %RDS-7-EVENT:  [ 2904][                                               rds_add_attribute][ 1205]  rds_add_attribute  type = 32 len = 0
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                                  rds_add_authen][  405] Add authentication success.
*Oct 13 13:36:42: switch %RDS-7-EVENT:  [ 2904][                                           rds_get_vrf_id_by_ifx][   96] get vrf id 1234 by interface index 8193
*Oct 13 13:36:42: switch %RDS-7-EVENT:  [ 2904][                                                    rds_make_pkt][ 1546] 14 send.
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                                    rds_send_pkt][  681] Send msg success.
*Oct 13 13:36:42: switch %RDS-7-EVENT:  [ 2904][                                                  rds_authen_req][  643] radius access requests(14).
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                           rds_proc_protocol_pkt][ 1127] Receive packet from server 1.2.3.4
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                         rds_get_result_from_pkt][ 1047] Radius access-accept.
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                         rds_get_result_from_pkt][ 1058] auth round trip: (1126893, 1126893, 0).
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                         rds_get_result_from_pkt][ 1092] attr resolve begin..
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                         rds_get_result_from_pkt][ 1108] attr resolve end..
*Oct 13 13:36:42: switch %RDS-7-EVENT:  [ 2904][                                           rds_get_vrf_id_by_ifx][   96] get vrf id 1234 by interface index 8193
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                                 rds_delete_user][  382] Delete user.
*Oct 13 13:36:42: switch %RDS-7-USER:   [ 2904][ 301989889, 14][                                rds_release_user][  352] Free user
*Oct 13 13:36:42: switch %RDS-7-EVENT:  [ 2904][                             rds_proc_in_msg_from_other_or_timer][ 1467] Thread[1] receive info message.
RG-S6510-48VS8CQ

Switch Configuration Radius
Reply Helpful(0)
All replies (9)
  • Subscribe
0 2022-10-14 15:09:25 View all replies
Hi, sir
May I know your firmware version?
For this situation, you may contact our engineers on Rita for further check

Reply Helpful(0) Recommended
  • Subscribe
0 2022-10-17 14:32:39 View all replies
Patrick replied at 2022-10-14 15:09
Hi, sir
May I know your firmware version?
For this situation, you may contact our engineers on Rita  ...

Hi,
we're running 11.0(5)B9P62S6.
Thanks
Sebastian

Reply Helpful(0) Recommended
  • Subscribe
0 2022-10-17 17:53:29 View all replies
Sebastian Wenner replied at 2022-10-17 14:32
Hi,
we're running 11.0(5)B9P62S6.
Thanks

Hi, sir.
You can try this command on cli of this switch:
conf
username xxxx privilege 15 password xxxxx
line vty 0 4
privilege level 15
end
wr

Reply Helpful(0) Recommended
  • Subscribe
0 2022-10-21 18:01:13 View all replies
Thanks for the answers.
What actually helped was using
Service-Type = "Administrative-User"
in the reply from Radius.

Reply Helpful(0) Recommended
  • Subscribe
0 2022-10-21 20:10:49 View all replies
Sebastian Wenner replied at 2022-10-21 18:01
Thanks for the answers.
What actually helped was using
Service-Type = "Administrative-User"
[/ ...
Thanks for your information, sir

Reply Helpful(0) Recommended
  • Subscribe
0 2024-8-29 20:29:05 View all replies
GTAC-Patrick replied at 2022-10-21 20:10
Thanks for your information, sir

Hi!
I need to send a specific privilege level in Radius Reply. Could you give me a clue, what Radius Attribute I should use?

Reply Helpful(0) Recommended
  • Subscribe
0 2024-8-29 20:56:15 View all replies
Alex None replied at 2024-8-29 20:29
Hi!
I need to send a specific privilege level in Radius Reply. Could you give me a clue, what Radi ...

Dear,

May you share with me your device model first please? thank you for your cooperation

Best regards,
Micca

Reply Helpful(0) Recommended
  • Subscribe
0 2024-8-29 21:51:40 View all replies
GTAC-Micca replied at 2024-8-29 20:56
Dear,

May you share with me your device model first please? thank you for your cooperation

Thank you for reply.

This is Ruijie RG-S6120.

Reply Helpful(0) Recommended
  • Subscribe
0 2024-9-4 20:19:08 View all replies
GTAC-Micca replied at 2024-8-29 20:56
Dear,

May you share with me your device model first please? thank you for your cooperation

No ideas?

Reply Helpful(0) Recommended
Related Posts
Product Model
Switch

Share this topic to

Cancel

This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.

More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.

©2000-2023 Ruijie Networks Co,Ltd