All, I am currently trying to get freeradius-0.7.1 to work with an Extreme Networks Summit 24 switch. The Extreme Switch is running "Extremeware Version 4.1.19 (Build 2)".
My goal is to be able to have users login into the Extreme as either normal (non enable/administrative) or with full configuration access. However, all users login via the non-administrative user level, not allowing any configuration access to the switch. Has anyone seen this issue before, or does anyone have freeradius-0.7.1 working with an Extreme Switch? Any and all help is much appreciated. My user's file is as follows: bpavane@s01 [11:15 etc 21] tcsh# cat raddb/users brian Password="test123" Service-Type="1", filter-Id="unlim" pavane Password="test321" Service-Type="6", filter-Id="unlim" bpavane@s01 [11:15 etc 22] tcsh# And when I run radiusd in debug mode I get the following output: bpavane@s01 [11:14 etc 20] tcsh# /opt/local/sbin/radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /opt/local/etc/raddb/proxy.conf Config: including file: /opt/local/etc/raddb/snmp.conf Config: including file: /opt/local/etc/raddb/sql.conf main: prefix = "/opt/local" main: localstatedir = "/opt/local/var" main: logdir = "/opt/local/var/log/radius" main: libdir = "/opt/local/lib" main: radacctdir = "/opt/local/var/log/radius/radacct" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1645 main: allow_core_dumps = no main: log_stripped_names = yes main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/opt/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 security: max_attributes = 200 security: reject_delay = 1 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /opt/local/lib Module: Loaded System unix: cache = yes unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/opt/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 HASH: Reinitializing hash structures and lists for caching... HASH: user root found in hashtable bucket 11726 HASH: user daemon found in hashtable bucket 11668 HASH: user bin found in hashtable bucket 86651 HASH: user sys found in hashtable bucket 64201 HASH: user adm found in hashtable bucket 26466 HASH: user lp found in hashtable bucket 54068 HASH: user uucp found in hashtable bucket 38541 HASH: user nuucp found in hashtable bucket 74587 HASH: user listen found in hashtable bucket 49327 HASH: user nobody found in hashtable bucket 99723 HASH: user noaccess found in hashtable bucket 80609 HASH: user nobody4 found in hashtable bucket 84789 HASH: user bpavane found in hashtable bucket 42141 HASH: Stored 31 entries from /etc/passwd HASH: Stored 36 entries from /etc/group Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = "/opt/local/etc/raddb/huntgroups" preprocess: hints = "/opt/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/opt/local/etc/raddb/users" files: acctusersfile = "/opt/local/etc/raddb/acct_users" files: compat = "no" auth_type_fixup: Auth-Type [1000] auth_type_fixup: Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: Password [2] [/opt/local/etc/raddb/users]:1 WARNING! Changing 'Password =' to 'Password ==' ?for comparing RADIUS attribute in check item list for user brian [/opt/local/etc/raddb/users]:5 WARNING! Changing 'Password =' to 'Password ==' ?for comparing RADIUS attribute in check item list for user pavane Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/opt/local/var/log/radius/radacct/%{Client-IP-Address}/detail" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/opt/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1645/udp and 1646/udp. Ready to process requests. rad_recv: Access-Request packet from host 64.xx.xx.161:1026, id=197, length=57 User-Name = "brian" User-Password = "\336B\366e\216\036\356\031\264\337z\356\310s\037-" NAS-IP-Address = 10.1.2.105 Service-Type = Login-User modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_realm: Looking up realm NULL for User-Name = "brian" rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched brian at 1 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [brian/test123] (from client 64.xx.xx.161 port 0) Sending Access-Accept of id 197 to 64.xx.xx.161:1026 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 197 with timestamp 3dd3cbf0 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 64.xx.xx.161:1026, id=45, length=58 User-Name = "pavane" User-Password = "\257\273\204}tR\317\255\36038\312\253&<\275" NAS-IP-Address = 10.1.2.105 Service-Type = Login-User modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_realm: Looking up realm NULL for User-Name = "pavane" rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched pavane at 5 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [pavane/test321] (from client 64.xx.xx.161 port 0) Sending Access-Accept of id 45 to 64.xx.xx.161:1026 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 45 with timestamp 3dd3cbf8 Nothing to do. Sleeping until we see a request. ^CMASTER: exit on signal (2) bpavane@s01 [11:14 etc 21] tcsh# - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html