Showing results for 
Search instead for 
Did you mean: 

RV345 Radius setup


It appears I have the remote authentication working with server 2008:

pptp: pam_radius_auth: User username authentication succeeded

pptp: PAM Authentication OK for myname

But, then:

pptp: Attempting PAM account checks

userauth: Localdb: authorization not enabled on group:(junk characters),service:pptp

pptp: PAP peer authentication failed for myname

pptp: Localdb:authorization failed as group is NULL

pptp: PAM account checks failed: 6: permission denied.



3 Replies 3


Nothing? I am running latest firmware.

 I have the same issue   i had configure radius but  seems not work i got that logs,


Ready to process requests.
rad_recv: Access-Request packet from host port 35826, id=208, length=79
User-Name = "cisco"
User-Password = "cisco"
NAS-IP-Address =
NAS-Identifier = "weblogin"
NAS-Port = 22956
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "cisco", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry cisco at line 151
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "cisco"
[pap] Using clear text password "cisco"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 208 to port 35826
Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Finished request 0.
Going to the next request



Seems here everhink  is good configuration is 


client {
secret = secretkey
nastype = cisco
shortname = tendoRouter



cisco Cleartext-Password := "cisco"
Service-Type = NAS-Prompt-User,
Cisco-AVPair = "shell:priv-lvl=15"

Syslog say 

weblogin - - [meta sequenceId="27"] Localdb:authorization failed as group is NULL



Could you tell me where is the issue ?


Could you tell me where is the issue ? 



Hi  we found how to fix that issue 

First  we need to in the groups in cisco then  you need to create group lets say with name  readonlygroup and on this group we need to select permition lets say readonly with login or whatever .

Then we need to go in users in radius and  settings shoud be that 


Userreadonly Cleartext-Password := "passreadonly"
Service-Type = NAS-Prompt-User,
Class = readonlygroup,
Cisco-AVPair = "shell:roles=network-admin vdc-admin vdc-operator"

Most important settin is Class = readonlygroup,  that class say in which group user shoud be assing

If your group  in cisco is with name  GROUPEXAMPLE   you  need to change Class = GROUPEXAMPLE   

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: