RV345 Radius setup

1stsupport
Level 1

It appears I have the remote authentication working with server 2008:

pptp: pam_radius_auth: User username authentication succeeded

pptp: PAM Authentication OK for myname

But, then:

pptp: Attempting PAM account checks

userauth: Localdb: authorization not enabled on group:(junk characters),service:pptp

pptp: PAP peer authentication failed for myname

pptp: Localdb:authorization failed as group is NULL

pptp: PAM account checks failed: 6: permission denied.

 

Help?

3 Replies

1stsupport
Level 1

Nothing? I am running latest firmware.

Hi,
I have the same issue. I configured RADIUS but it does not seem to work. I got these logs:

 

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.90.1 port 35826, id=208, length=79
User-Name = "cisco"
User-Password = "cisco"
NAS-IP-Address = 192.168.90.1
NAS-Identifier = "weblogin"
NAS-Port = 22956
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "cisco", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry cisco at line 151
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "cisco"
[pap] Using clear text password "cisco"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 208 to 192.168.90.1 port 35826
Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Finished request 0.
Going to the next request

 

 

It seems everything here is good. The configuration is:

client.conf

client 192.168.90.1 {
    secret = secretkey
    nastype = cisco
    shortname = tendoRouter
}

cisco Cleartext-Password := "cisco"
    Service-Type = NAS-Prompt-User,
    Cisco-AVPair = "shell:priv-lvl=15"

Syslog says:

weblogin - - [meta sequenceId="27"] Localdb:authorization failed as group is NULL

 

 

Could you tell me where the issue is?

Hi, we found how to fix that issue.

First we need to go to the groups in Cisco, then you need to create a group, let's say with the name readonlygroup, and on this group we need to select a permission, let's say readonly with login or whatever.

Then we need to go to users in RADIUS, and the settings should be:

Userreadonly Cleartext-Password := "passreadonly"
    Service-Type = NAS-Prompt-User,
    Class = readonlygroup,
    Cisco-AVPair = "shell:roles=network-admin vdc-admin vdc-operator"

The most important setting is Class = readonlygroup; that class says which group the user should be assigned to.

If your group in Cisco is named GROUPEXAMPLE, you need to change it to Class = GROUPEXAMPLE.
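
A check for the failure discussed in this thread, as an added example that is not part of the original posts: it reads FreeRADIUS users-file entries and flags any whose reply items lack a Class attribute, or whose Class names a group that is not defined on the router. The sample file text, the function names, and the assumption that group names must match exactly are constructed for illustration.

```python
import re

# Constructed sample in FreeRADIUS "users" file syntax: the first line of an
# entry holds check items, the indented lines below it hold reply items.
SAMPLE_USERS = '''\
cisco Cleartext-Password := "cisco"
    Service-Type = NAS-Prompt-User,
    Cisco-AVPair = "shell:priv-lvl=15"

Userreadonly Cleartext-Password := "passreadonly"
    Service-Type = NAS-Prompt-User,
    Class = readonlygroup,
    Cisco-AVPair = "shell:roles=network-admin vdc-admin vdc-operator"
'''

# attribute, operator, value, optional trailing comma
ITEM = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(?::=|\+=|==|=)\s*(.+?)\s*,?\s*$')

def parse_users(text):
    """Return {username: {reply attribute: value}} for each entry."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if not line[0].isspace():          # unindented line starts a new entry
            current = entries.setdefault(line.split()[0], {})
        elif current is not None:
            m = ITEM.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip('"')
    return entries

def audit_class(text, router_groups):
    """Map each user to 'ok', 'missing Class' or 'unknown group <name>'."""
    result = {}
    for user, reply in parse_users(text).items():
        group = reply.get('Class')
        if group is None:
            result[user] = 'missing Class'   # router would see a NULL group
        elif group not in router_groups:     # assumption: exact-match names
            result[user] = f'unknown group {group}'
        else:
            result[user] = 'ok'
    return result

if __name__ == '__main__':
    for user, status in audit_class(SAMPLE_USERS, {'readonlygroup'}).items():
        print(f'{user}: {status}')
```

Pass the set of group names actually defined on the router as the second argument; the first sample entry is reported as missing Class, matching the entry that produced "authorization failed as group is NULL" above.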
