HI,

I have a network switch that I'm trying to configure to allow Console port
authentication via RADIUS.

In the documentation of the switch it says:
"To provide each user with appropriate levels of access to the switch, set
the following username attributes on your RADIUS server:
- R/W access -- Set the Service-Type field value to Administrative
- Read-Only -- set the Service-Type field value to NAS-Prompt"

So, in my users file, I have defined a user:
"testuser"  NAS-IP-Address == "172.16.8.30", Cleartext-Password :=
"testing", Service-Type =="Administrative-User"


When I run in debug mode, I get the following in my log, which implies to me
that the user is successfully authorized and the Access-Accept message is
being sent back. 
Mon Apr 23 14:38:15 2007 : Debug: rlm_pap: login attempt with password
testing
Mon Apr 23 14:38:15 2007 : Debug: rlm_pap: Using clear text password
"testing".
Mon Apr 23 14:38:15 2007 : Debug: rlm_pap: User authenticated succesfully
Mon Apr 23 14:38:15 2007 : Debug:   modsingle[authenticate]: returned from
pap (rlm_pap) for request 0
Mon Apr 23 14:38:15 2007 : Debug:   modcall[authenticate]: module "pap"
returns ok for request 0
Mon Apr 23 14:38:15 2007 : Debug: modcall: leaving group PAP (returns ok)
for request 0
Sending Access-Accept of id 16 to 172.16.8.30 port 2048

However, when I run a packet capture, I see that no Radius attributes are
being passed back to the NAS device. Shouldn't I be seeing the
Administrative-User attribute?

Thanks

Matt
[EMAIL PROTECTED] 




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to