I am attempting to configure RADIUS authentication on a Netonix WS switch running firmware 1.5.26.
I found several forum posts referencing RADIUS VSAs, however I have not been able to find documentation listing the actual supported attributes or whether they are required for basic administrative login.
My goal is not role-based access or privilege assignment. I simply want a standard RADIUS authentication flow where a user such as john.doe authenticates successfully against FreeRADIUS/LDAP, receives an Access-Accept, and is then allowed administrative login to the switch.
FreeRADIUS debug output confirms:
-LDAP bind succeeds
-Group membership checks succeed
-Access-Accept is returned successfully
-No rejects are being sent by the RADIUS server
However, the switch immediately reports “invalid username/password” after the Access-Accept is sent.
Are any Netonix-specific VSAs or reply attributes required for successful admin login, or should a standard Access-Accept without VSAs be sufficient?
Also, does the username need to already exist locally on the switch for RADIUS authentication to function properly?
Radius Attributes
-
redpeppers - Member
- Posts: 16
- Joined: Sat Jan 16, 2016 4:56 pm
- Location: Lebanon, MO
- Has thanked: 1 time
- Been thanked: 0 time
-
sakita - Experienced Member
- Posts: 227
- Joined: Mon Aug 17, 2015 2:44 pm
- Location: Arizona, USA
- Has thanked: 109 times
- Been thanked: 90 times
Re: Radius Attributes
Release notes for 1.5.26 includes this comment:
KNOWN ISSUES
- FreeRADIUS is BROKEN
KNOWN ISSUES
- FreeRADIUS is BROKEN
Today is an average day: Worse than yesterday, but better than tomorrow.
2 posts
Page 1 of 1
Who is online
Users browsing this forum: No registered users and 52 guests