Matt Ashfield wrote: > HI, > > I have a network switch that I'm trying to configure to allow Console port > authentication via RADIUS. > > In the documentation of the switch it says: > "To provide each user with appropriate levels of access to the switch, set > the following username attributes on your RADIUS server: > - R/W access -- Set the Service-Type field value to Administrative > - Read-Only -- set the Service-Type field value to NAS-Prompt" > > So, in my users file, I have defined a user: > "testuser" NAS-IP-Address == "172.16.8.30", Cleartext-Password := > "testing", Service-Type =="Administrative-User"
Which matches if there's a request for administrative user. You also have to acknowledge that request in the response, otherwise the NAS will not let the administrator in: "testuser" NAS-IP-Address == "172.16.8.30", Cleartext-Password := "testing", Service-Type =="Administrative-User" Service-Type := "Administrative-User" > However, when I run a packet capture, I see that no Radius attributes are > being passed back to the NAS device. Shouldn't I be seeing the > Administrative-User attribute? If you don't tell the server to send it back, no. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html