Hello,

The FreeRadius server is a VM machine and the ESX host failed. Everything came 
back and is now working apart from the following.

When the Radius service starts, this is the error we receive:

/usr/local/etc/raddb/sites-enabled/default[219]: ERROR: Unknown value Administrative-User, for attribute Service-Type
/usr/local/etc/raddb/sites-enabled/default[214]: Failed to parse "update" subsection.
/usr/local/etc/raddb/sites-enabled/default[210]: Failed to parse "if" subsection.
/usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.

This error prevents the Network team from logging into their devices. Their 
username is authenticated, but they receive the following on the SSH session to 
the switch/router:

ACCEPT: Authorizing enable access and then nothing.

I have checked the following Dictionary.rfc2865 and this states that the 
administrative-user has a value of 6, which according to Cisco is correct.

We use the Radius Server for all our Wireless Authentication and this is 
working without any known issues. Please find below the section of the Radius 
configuration file from '/usr/local/etc/raddb/sites-available/default'. By 
commenting out the 'Service-Type' line, Radius will start; otherwise we get a 
syntax error.

        if(!control:Auth-Type && (request:NAS-Port-Type == Virtual || request:NAS-Port-Type == Async) && (NAS-Identifier == hudds_switches || NAS-Identifier == bar_switches || NAS-Identifier == old_switches || "%{client:clientgroup}" == "networks")){
           update control {
              Proxy-To-Realm := LOCAL
           }
           if(ldap_staff-Ldap-Group == CMSX_NETW){
              update control {
                 Auth-Type = "ntlm_auth"
              }
              update reply {
                 Reply-Message = "ACCEPT: Authorizing enable access",
                 Cisco-AVPair = "shell:roles*\"network-admin\"",
                 Cisco-AVPair += "shell:priv-lvl+15",
#*******         Service-Type = Administrative-User,  *****#
                 Fall-Through = No
              }
           }
        }


Help is greatly appreciated.



Rgds
Darren Shaw
The Network Team
Computing Services
University of Huddersfield
Queensgate
Huddersfield
HD1 3DH

TEL: 01484 471317
MOBILE: 07792 773807



