Interoperability with RADIUS clients & servers

Error importing dictionary

Guilherme Linden
Posts: 8


21.07.2017
Here is the dictionary the vendor sent me:

ATTRIBUTE User-Name 1 string
ATTRIBUTE User-Password 2 string
ATTRIBUTE CHAP-Password 3 string
ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE NAS-Port 5 integer
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE framed-Protocol 7 integer
ATTRIBUTE framed-IP-Address 8 ipaddr
ATTRIBUTE framed-IP-Netmask 9 ipaddr
ATTRIBUTE framed-Routing 10 integer


# User Types

VALUE Service-Type Login-User 1
VALUE Service-Type framed-User 2
VALUE Service-Type Callback-Login-User 3
VALUE Service-Type Callback-framed-User 4
VALUE Service-Type Outbound-User 5
VALUE Service-Type Administrative-User 6
VALUE Service-Type NAS-Prompt-User 7
VALUE Service-Type Authenticate-Only 8
VALUE Service-Type Callback-NAS-Prompt 9
VALUE Service-Type Call-Check 10


When I log in via RADIUS I get guest privileges, which is the integer 0, when I want the administrative, which is 15.
Admin
Administrator
Posts: 4992


21.07.2017
These are standard RADIUS attributes and already exist in the TekRADIUS dictionary. Did your vendor provide the attribute that should be returned by the RADIUS server?
Guilherme Linden
Posts: 8


21.07.2017
They said the value 0 is for guest and 15 for admin. Which standard attributes can I use to see if it works?
Guilherme Linden
Posts: 8


21.07.2017
He said in his RADIUS, not sure what RADIUS server he uses, it says Shell:pri-level and is passing the integer 15.
Admin
Administrator
Posts: 4992


21.07.2017
You need to create a user profile with the following attributes for admin login:

Attribute      Type   Value
User-Password  check  "Your password"
cisco-avpair   reply  shell:priv-lvl=15
Service-Type   reply  NAS-Prompt
edited by Admin on 21.07.2017
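
An added example, not part of the thread and not TekRADIUS code: the privilege level is not a standard integer attribute but a "key=value" string in a cisco-avpair, which travels on the wire as a Vendor-Specific attribute (type 26, vendor ID 9, vendor type 1). This Python sketch encodes and decodes that attribute so the contents of an Access-Accept can be checked; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 attribute type for vendor extensions
SERVICE_TYPE = 6      # standard attribute; 6 = Administrative-User, 7 = NAS-Prompt
CISCO_VENDOR_ID = 9   # Cisco's IANA enterprise number
CISCO_AVPAIR = 1      # Cisco vendor type carrying "key=value" text

def encode_service_type(value):
    return struct.pack("!BBI", SERVICE_TYPE, 6, value)

def encode_cisco_avpair(pair):
    """Wrap one 'key=value' string in a Vendor-Specific attribute."""
    data = pair.encode("ascii")
    if len(data) > 247:  # 255 - 2 (attr hdr) - 4 (vendor id) - 2 (sub hdr)
        raise ValueError("AV pair too long for one attribute")
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(data)) + data
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def decode_attributes(blob):
    """Walk an attribute list; return Service-Type and Cisco AV pairs."""
    out = {"service_type": None, "avpairs": []}
    i = 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("truncated or malformed attribute")
        atype, alen = blob[i], blob[i + 1]
        value = blob[i + 2:i + alen]
        if atype == SERVICE_TYPE and len(value) == 4:
            out["service_type"] = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR) and 2 <= vlen <= len(value) - 4:
                out["avpairs"].append(value[6:4 + vlen].decode("ascii", "replace"))
        i += alen
    return out

def priv_level(avpairs):
    """Return the shell:priv-lvl value as an int, or None if absent."""
    for pair in avpairs:
        key, _, val = pair.partition("=")
        if key == "shell:priv-lvl" and val.isdigit():
            return int(val)
    return None

# Constructed sample: reply attributes for an admin profile like the ones in this thread.
SAMPLE = (encode_service_type(6)
          + encode_cisco_avpair("shell:roles=network-admin")
          + encode_cisco_avpair("shell:priv-lvl=15"))
```

Running the decoder over the attribute bytes of a captured Access-Accept shows whether the server sent the AV pair at all, which separates a server profile problem from a device that ignores the attribute.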
Admin
Administrator
Posts: 4992


21.07.2017
Is this for your switch?

http://www.datacomsystems.com/cms3/assets/download/404
Guilherme Linden
Posts: 8


21.07.2017
No, that is not the vendor. They sent me the config they use in FreeRADIUS:


DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

max     Cleartext-Password := xxxxxxx
        Service-Type = Administrative-User,
        AVPair = "shell:roles=network-admin",
        AVPair += "shell:priv-lvl=15"

guest   Cleartext-Password := xxxxxxx
        Service-Type = Login-User,
        AVPair = "shell:roles=network-operator",
        AVPair += "shell:priv-lvl=1"


Can I replicate this config in TekRADIUS?
Admin
Administrator
Posts: 4992


21.07.2017
Here is a sample for admin user;

Guilherme Linden
Posts: 8


21.07.2017
It did not work, I still login as a guest. I am using version 4.8.5.0, is there any problem with this version?
Admin
Administrator
Posts: 4992


21.07.2017
I recommend that you upgrade to the latest version. You will need to re-define RADIUS clients in TekRADIUS after upgrading.
Guilherme Linden
Posts: 8


21.07.2017
After upgrading, it only worked using the Service-Type = Administrative. Another question: how could I make restrictions based on vendors? I would like the same user to be able to log in to a Cisco device but not to a Datacom. Any ideas?
Admin
Administrator
Posts: 4992


21.07.2017
It depends on the attributes received in access requests. You can add distinguishing attribute(s) as check attributes to limit access based on vendor type.