All,

I am currently trying to get freeradius-0.7.1 to work with an Extreme
Networks Summit 24 switch. The Extreme Switch is running "Extremeware
Version 4.1.19 (Build 2)".

My goal is to be able to have users log in to the Extreme as either
normal (non enable/administrative) or with full configuration access.
However, all users log in via the non-administrative user level, not
allowing any configuration access to the switch.

Has anyone seen this issue before, or does anyone have freeradius-0.7.1
working with an Extreme Switch?

Any and all help is much appreciated.

My users file is as follows:
bpavane@s01 [11:15 etc 21] tcsh# cat raddb/users
brian Password="test123"
Service-Type="1",
filter-Id="unlim"
pavane Password="test321"
Service-Type="6",
filter-Id="unlim"
bpavane@s01 [11:15 etc 22] tcsh#
And when I run radiusd in debug mode I get the following output:
bpavane@s01 [11:14 etc 20] tcsh# /opt/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /opt/local/etc/raddb/proxy.conf
Config: including file: /opt/local/etc/raddb/snmp.conf
Config: including file: /opt/local/etc/raddb/sql.conf
main: prefix = "/opt/local"
main: localstatedir = "/opt/local/var"
main: logdir = "/opt/local/var/log/radius"
main: libdir = "/opt/local/lib"
main: radacctdir = "/opt/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1645
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/opt/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /opt/local/lib
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/opt/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
HASH: user root found in hashtable bucket 11726
HASH: user daemon found in hashtable bucket 11668
HASH: user bin found in hashtable bucket 86651
HASH: user sys found in hashtable bucket 64201
HASH: user adm found in hashtable bucket 26466
HASH: user lp found in hashtable bucket 54068
HASH: user uucp found in hashtable bucket 38541
HASH: user nuucp found in hashtable bucket 74587
HASH: user listen found in hashtable bucket 49327
HASH: user nobody found in hashtable bucket 99723
HASH: user noaccess found in hashtable bucket 80609
HASH: user nobody4 found in hashtable bucket 84789
HASH: user bpavane found in hashtable bucket 42141
HASH: Stored 31 entries from /etc/passwd
HASH: Stored 36 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/opt/local/etc/raddb/huntgroups"
preprocess: hints = "/opt/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/opt/local/etc/raddb/users"
files: acctusersfile = "/opt/local/etc/raddb/acct_users"
files: compat = "no"
auth_type_fixup: Auth-Type [1000]
auth_type_fixup: Password [2]
auth_type_fixup: Auth-Type [1000]
auth_type_fixup: Password [2]
[/opt/local/etc/raddb/users]:1 WARNING! Changing 'Password =' to 'Password =='
for comparing RADIUS attribute in check item list for user brian
[/opt/local/etc/raddb/users]:5 WARNING! Changing 'Password =' to 'Password =='
for comparing RADIUS attribute in check item list for user pavane
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile =
"/opt/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/opt/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1645/udp and 1646/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 64.xx.xx.161:1026, id=197,
length=57
User-Name = "brian"
User-Password =
"\336B\366e\216\036\356\031\264\337z\356\310s\037-"
NAS-IP-Address = 10.1.2.105
Service-Type = Login-User
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "brian"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched brian at 1
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [brian/test123] (from client 64.xx.xx.161 port 0)
Sending Access-Accept of id 197 to 64.xx.xx.161:1026
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 197 with timestamp 3dd3cbf0
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 64.xx.xx.161:1026, id=45,
length=58
User-Name = "pavane"
User-Password = "\257\273\204}tR\317\255\36038\312\253&<\275"
NAS-IP-Address = 10.1.2.105
Service-Type = Login-User
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "pavane"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched pavane at 5
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [pavane/test321] (from client 64.xx.xx.161 port 0)
Sending Access-Accept of id 45 to 64.xx.xx.161:1026
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 45 with timestamp 3dd3cbf8
Nothing to do. Sleeping until we see a request.
^CMASTER: exit on signal (2)
bpavane@s01 [11:14 etc 21] tcsh#
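
An added example, not part of the original post and not FreeRADIUS code: a small parser over `radiusd -X` output like the above that lists which reply attributes each Access-Accept carried, so it is visible whether a Service-Type was actually returned to the switch. It assumes the server prints reply attributes on the lines directly after `Sending Access-Accept`; the function names `audit_replies` and `accepts_without_service_type` are hypothetical.

```python
import re

# Constructed sample: the two exchanges from the post's `radiusd -X` output,
# cut down to the lines that matter (mail line-wrapping kept as posted).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 64.xx.xx.161:1026, id=197,
length=57
User-Name = "brian"
Service-Type = Login-User
Sending Access-Accept of id 197 to 64.xx.xx.161:1026
Finished request 0
rad_recv: Access-Request packet from host 64.xx.xx.161:1026, id=45,
length=58
User-Name = "pavane"
Service-Type = Login-User
Sending Access-Accept of id 45 to 64.xx.xx.161:1026
Finished request 1
"""

RECV = re.compile(r"^rad_recv: \S+ packet from host \S+, id=(\d+)")
SEND = re.compile(r"^Sending (\S+) of id (\d+) to ")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = (.+)$")


def audit_replies(log_text):
    """Return one dict per reply packet: id, user, code, reply attributes."""
    users, results = {}, []          # users: request id -> User-Name
    section, cur_id = None, None     # attribute list currently being read
    for line in log_text.splitlines():
        recv, send, attr = RECV.match(line), SEND.match(line), ATTR.match(line)
        if recv:
            section, cur_id = "request", recv.group(1)
        elif send:
            section, cur_id = "reply", send.group(2)
            results.append({"id": cur_id, "user": users.get(cur_id),
                            "code": send.group(1), "reply": {}})
        elif attr and section == "request":
            if attr.group(1) == "User-Name":
                users[cur_id] = attr.group(2).strip('"')
        elif attr and section == "reply":
            results[-1]["reply"][attr.group(1)] = attr.group(2).strip('"')
        elif section == "reply":
            section = None           # first non-attribute line ends the reply
    return results


def accepts_without_service_type(results):
    """Users whose Access-Accept carried no Service-Type attribute."""
    return [r["user"] for r in results
            if r["code"] == "Access-Accept" and "Service-Type" not in r["reply"]]
```

The Service-Type in the request (what the switch asked for) is ignored on purpose; only attributes listed after the Access-Accept line count as returned to the NAS.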