X460-24x and FreeRadius

  • 0
  • 1
  • Question
  • Updated 5 years ago
  • Answered
Create Date: Aug 14 2012 11:06PM

Good day!
May be you can help me?
I have a X460-24x configured to be a radius client.
But can't login to switch with read-write privileges. Only with read rights.
The user in userss file looks like:
user            Crypt-Password := '/fc/f%Q(T2msY', Auth-Type := Crypt-Local
                Service-Type = NAS-Prompt-User,
                Service-Type = Login-User,
                Cisco-AVPair = "shell:priv-lvl=15",
                Extreme-CLI-Authorization = Disabled

I have added to the dictionary file:
VENDOR  Extreme 1916
ATTRIBUTE       Extreme-CLI-Authorization       201     integer Extreme
ATTRIBUTE       Extreme-Shell-Command   202     string  Extreme
ATTRIBUTE       Extreme-Netlogin-Vlan   203     string  Extreme
ATTRIBUTE       Extreme-Netlogin-Url    204     string  Extreme
ATTRIBUTE       Extreme-Netlogin-Url-Desc       205     string  Extreme
ATTRIBUTE       Extreme-Netlogin-Only   206     integer Extreme
ATTRIBUTE       Extreme-User-Location   208     string  Extreme
ATTRIBUTE       Extreme-Netlogin-Vlan-Tag       209     integer Extreme
ATTRIBUTE       Extreme-Netlogin-Extended-Vlan  211     string  Extreme
ATTRIBUTE       Extreme-Security-Profile        212     string  Extreme
VALUE   Extreme-CLI-Authorization       Disabled        0
VALUE   Extreme-CLI-Authorization       Enabled 1
VALUE   Extreme-Netlogin-Only   Disabled        0
VALUE   Extreme-Netlogin-Only   Enabled 1
END-VENDOR      Extreme

Then i`am trying to login tcpdump shows:
         Access Accept (2), id: 0x56, Authenticator: bb4ce22bbe219e946974870d0dd5005a
          Service Type Attribute (6), length: 6, Value: NAS Prompt
          Vendor Specific Attribute (26), length: 25, Value: Vendor: Cisco (9)
            Vendor Attribute: 1, Length: 17, Value: shell:priv-lvl=15
          Vendor Specific Attribute (26), length: 12, Value: Vendor: Unknown (1916)
            Vendor Attribute: 201, Length: 4, Value: ....

I see that Vendor Attribute: 201 value is .... But it should be 0 i think.

At the same time radiusd -x  shows:
Sending Access-Accept of id 87 to port 56198
        Service-Type = NAS-Prompt-User
        Cisco-AVPair = "shell:priv-lvl=15"
        Extreme-CLI-Authorization = Disabled

There is a string value - Disabled. That's better but anyway i thought it should be 0.
May be this is the case. What can you suggest?
Thank you!

(from Tim_Kap)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Aug 16 2012 4:03PM

You will need this attribute:

Service-Type = Administrative

(from john_padilla)

This conversation is no longer open for comments or replies.