Hi Alan,
Thank you for your reply, and sorry for the late reply. I have figured it out
for the SSR, but I still can't record the telnetting IP address (caller-id).
I guess it's because the packet format sent to the radius server does not
include caller-id information. If that is correct, then we can't do anything
but accept it as it is.
My current issue is the Matrix E7, since it has a very basic menu-based
configuration in which I can only define the radius server IP address, radius
key, and authentication port, not the accounting port. When I ran debugging
mode, radius already accepts the request, but it is still prompting for
username and password. I think I have to put the attribute, which is
"Enterasys:mgmt=su:policy=admin", somewhere. Could you advise me where to
put this attribute? I guess it makes sense if I put this in either
clients.conf or the users file, but I am not sure what the command is.
Thank you,
Kiki
The current comparison is as follows:
When I use Microsoft IAS, the result was:
Cisco: Can do Authentication, accounting (start/stop), can record source
telnet users' IP Address. Basically it's working fine, but the log file was
mixed, hard to manage and trace.
Enterasys Matrix E7: Can do Authentication, can record start time, but not
stop time. Can't record source telnet users' IP Address.
Enterasys SSR: Can do Authentication and accounting (start/stop). Can't
record the telnetting IP address (caller-id).
When I use Linux Freeradius-0.9.0, the result was:
Cisco: Can do Authentication, accounting (start/stop), can record source
telnet users' IP Address. Basically it's working fine, even better since it
can record per Client IP Address per date basis.
Enterasys Matrix E7: Still can't work.
Enterasys SSR: Can do Authentication and accounting (start/stop). Can't
record the telnetting IP address (caller-id).
Here is the debug result for Matrix E7:
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.7.13:12297, id=9,
length=58
User-Name = "matrix"
User-Password = "matrix"
NAS-IP-Address = 192.168.7.13
NAS-Port = 55
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "matrix", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched matrix at 77
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 9 to 192.168.7.13:12297
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 9 with timestamp 3f31b483
Nothing to do. Sleeping until we see a request.
Here is the debug result for SSR:
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 10.80.5.115:1222, id=32,
length=85
Acct-Status-Type = Accounting-On
Acct-Session-Id = "544"
Acct-Authentic = Local
User-Name = "user"
Attr-368574465 =
0x436f6d6d616e642d436f646520286c6576656c3a203135293a20656e
NAS-IP-Address = 10.80.5.115
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "user", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request,
unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 10.80.5.115,NAS-IP-Address
= 10.80.5.115,Acct-Session-Id = "544",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "6f7fc6f7c2a4180b".
modcall[accounting]: module "acct_unique" returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/10.80.5.115/Log-20030807'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/Log-%Y%m%d expands
to /usr/local/var/log/radius/radacct/10.80.5.7
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "unix" returns noop
radius_xlat: '/usr/local/var/log/radius/radutmp'
rlm_radutmp: NAS 10.80.5.115 restarted (Accounting-On packet seen)
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 32 to 10.80.5.115:1222
Finished request 2
Going to the next request
--- Walking the entire request list ---
Cleaning up request 2 ID 32 with timestamp 3f31b5ef
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.80.5.115:1223, id=33,
length=55
User-Name = "ssr"
User-Password = "ssr"
Service-Type = Authenticate-Only
NAS-IP-Address = 10.80.5.115
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "ssr", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched ssr at 75
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 33 to 10.80.5.115:1223
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 33 with timestamp 3f31b5f3
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 10.80.5.115:1224, id=34,
length=86
Acct-Status-Type = Accounting-On
Acct-Session-Id = "544"
Acct-Authentic = RADIUS
User-Name = "ssr"
Attr-368574465 =
0x436f6d6d616e642d436f646520286c6576656c3a203130293a2065786974
NAS-IP-Address = 10.80.5.115
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "ssr", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request,
unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 10.80.5.115,NAS-IP-Address
= 10.80.5.115,Acct-Session-Id = "544",User-Name = "ssr"'
rlm_acct_unique: Acct-Unique-Session-ID = "ab544866f1bd5789".
modcall[accounting]: module "acct_unique" returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/10.80.5.115/Log-20030807'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/Log-%Y%m%d expands
to /usr/local/var/log/radius/radacct/10.80.5.7
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "unix" returns noop
radius_xlat: '/usr/local/var/log/radius/radutmp'
rlm_radutmp: NAS 10.80.5.115 restarted (Accounting-On packet seen)
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 34 to 10.80.5.115:1224
Finished request 4
Going to the next request
--- Walking the entire request list ---
Cleaning up request 4 ID 34 with timestamp 3f31b5fa
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 10.80.5.115:1225, id=35,
length=86
Acct-Status-Type = Accounting-On
Acct-Session-Id = "544"
Acct-Authentic = RADIUS
User-Name = "ssr"
Attr-368574465 =
0x436f6d6d616e642d436f646520286c6576656c3a203135293a2065786974
NAS-IP-Address = 10.80.5.115
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "ssr", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request,
unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 10.80.5.115,NAS-IP-Address
= 10.80.5.115,Acct-Session-Id = "544",User-Name = "ssr"'
rlm_acct_unique: Acct-Unique-Session-ID = "ab544866f1bd5789".
modcall[accounting]: module "acct_unique" returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/10.80.5.115/Log-20030807'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/Log-%Y%m%d expands
to /usr/local/var/log/radius/radacct/10.80.5.7
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "unix" returns noop
radius_xlat: '/usr/local/var/log/radius/radutmp'
rlm_radutmp: NAS 10.80.5.115 restarted (Accounting-On packet seen)
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 35 to 10.80.5.115:1225
Finished request 5
Going to the next request
--- Walking the entire request list ---
Cleaning up request 5 ID 35 with timestamp 3f31b5fd
Nothing to do. Sleeping until we see a request.
"Alan Litster" <[EMAIL PROTECTED]> 01/08/2003 04:50 PM
Sent by: [EMAIL PROTECTED]
Please respond to freeradius-users
To: <[EMAIL PROTECTED]>
cc: (bcc: KIKI Widjaja/IT/CHRT/ST Group)
Subject: RE: Linux Freeradius-.0.9.0 and Enterasys compatibility
Have you tried running FreeRADIUS in debug mode, radiusd -X, to see what
values it is being passed?
> -----Original Message-----
> Hello,
>
> I want to use radius to centralize (Telnet) username/password and
> accounting (start/stop). I have 3 products, which are Cisco, Enterasys
> Matrix E7, and Enterasys SSR 8600.
> When I use Microsoft IAS, the result was:
> Cisco: Can do Authentication, accounting (start/stop), can record source
> telnet users' IP Address. Basically it's working fine, but the log file
> was mixed, hard to manage and trace.
> Enterasys Matrix E7: Can do Authentication, can record start time, but
> not stop time. Can't record source telnet users' IP Address.
> Enterasys SSR: Can do Authentication, can record start/stop. Can't record
> source telnet users' IP Address.
>
> When I use Linux Freeradius-0.9.0, the result was:
> Cisco: Can do Authentication, accounting (start/stop), can record source
> telnet users' IP Address. Basically it's working fine, even better since
> it can record per Client IP Address per date basis.
> Enterasys Matrix E7: Can only do Authentication.
> Enterasys SSR: Can only do Authentication.
>
> I need some advice. Has anyone ever configured Freeradius on E7 or SSR
> before?
>
> Thank you,
> Kiki
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
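The SSR accounting packets in the debug output above carry an attribute the server has no dictionary entry for, printed as Attr-368574465 with a raw hex value. The following is an added example, not part of the original thread, that decodes those lines. It assumes this FreeRADIUS release numbers vendor-specific attributes as (vendor id * 65536 + vendor attribute), and the function name is hypothetical.

```python
import re

# Constructed sample: the three unknown-attribute lines from the SSR debug
# output in this thread. The first keeps the line wrap seen in the mail to
# show that a value on the following line is still picked up.
SAMPLE = """\
Attr-368574465 =
0x436f6d6d616e642d436f646520286c6576656c3a203135293a20656e
Attr-368574465 = 0x436f6d6d616e642d436f646520286c6576656c3a203130293a2065786974
Attr-368574465 = 0x436f6d6d616e642d436f646520286c6576656c3a203135293a2065786974
"""

# "Attr-<decimal> = 0x<hex>", tolerating whitespace or a newline after "=".
ATTR_RE = re.compile(r"Attr-(\d+)\s*=\s*0x([0-9a-fA-F]+)")


def decode_unknown_attrs(debug_text):
    """Return (vendor_id, vendor_attr, text) for every undecoded attribute.

    Assumption: the attribute number packs the vendor id in the upper
    16 bits and the vendor's own attribute number in the lower 16 bits.
    """
    results = []
    for number, hex_value in ATTR_RE.findall(debug_text):
        n = int(number)
        vendor_id, vendor_attr = n >> 16, n & 0xFFFF
        if len(hex_value) % 2:
            # A value cut mid-byte by line wrapping: drop the odd nibble.
            hex_value = hex_value[:-1]
        raw = bytes.fromhex(hex_value)
        # Non-ASCII bytes are replaced rather than raising, so binary
        # values still produce a readable row.
        text = raw.decode("ascii", errors="replace")
        results.append((vendor_id, vendor_attr, text))
    return results


if __name__ == "__main__":
    for vendor_id, vendor_attr, text in decode_unknown_attrs(SAMPLE):
        print(f"vendor={vendor_id} attr={vendor_attr} value={text!r}")
```

The vendor id that comes out, 5624, is the IANA enterprise number registered to Enterasys Networks, and the decoded values are the CLI commands the SSR reports for each session.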