Because I see some demo/dummy tests, I assume CentOS-7's free-radius is working correctly, but something is wrong on the ISR 2921.
Still can't ssh with free-radius credentials.
## Log on 2921 ##
May 27 21:18:34.799: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.20.30.100:1812,1813 is being marked alive.
May 27 21:30:42.837: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.20.30.100:1812,1813 is being marked alive.
ISR-2921#
## Log on cent-7 ##
[root@free-radius 10.20.30.1]# cat detail-20170527
Sat May 27 14:18:34 2017
        User-Name = 'dummy'
        Acct-Status-Type = Interim-Update
        Acct-Session-Id = '00000000'
        Acct-Authentic = RADIUS
        Service-Type = Framed-User
        NAS-IP-Address = 10.20.30.1
        Acct-Delay-Time = 15
        Event-Timestamp = 'May 27 2017 14:18:19 PDT'
        Acct-Unique-Session-Id = '99c501164df6390fd6764fea1dff5aa8'
        Timestamp = 1495919914

Sat May 27 14:30:42 2017
        User-Name = 'freeRADIUS'
        Acct-Status-Type = Interim-Update
        Acct-Session-Id = '00000000'
        Acct-Authentic = RADIUS
        Service-Type = Framed-User
        NAS-IP-Address = 10.20.30.1
        Acct-Delay-Time = 0
        Event-Timestamp = 'May 27 2017 14:30:42 PDT'
        Acct-Unique-Session-Id = 'ba1171226b1950324d13959f95b82db7'
        Timestamp = 1495920642

[root@free-radius 10.20.30.1]# ls
detail-20170527
[root@free-radius 10.20.30.1]#
## config on 2921 ##
!
aaa new-model
!
!
aaa group server radius RASERV
 server name RASERV-1
 retransmit 5
 timeout 10
!
aaa authentication login default group radius local-case
aaa authentication login use-radius group radius local
aaa authentication login vty group radius local
aaa authentication ppp user-radius if-needed group radius
aaa authentication dot1x default group RASERV
aaa authorization exec default group radius local
aaa authorization network default group radius if-authenticated
aaa accounting dot1x default start-stop group RASERV
aaa accounting exec default start-stop group radius
aaa accounting system default start-stop group radius
!
!
ip radius source-interface GigabitEthernet0/2.888
!
!
access-list 1 permit any
!
radius server RASERV-1
 address ipv4 10.20.30.100 auth-port 1812 acct-port 1813
 automate-tester username freeRADIUS probe-on
 key 7 110D778223
!
line vty 0 4
 login authentication vty
 transport input ssh
!
## config on cent-7 ##
[root@free-radius 10.20.30.1]# cat /etc/raddb/clients.conf
client 10.20.30.1 {
        ipaddr = 10.20.30.1
        secret = 1ass341
        require_message_authenticator = no
        nas_type = other
}
[root@free-radius 10.20.30.1]# cat /etc/raddb/users
freeCISCO Auth-Type := System
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"