02-15-2019 01:32 PM
It appears I have the remote authentication working with server 2008:
pptp: pam_radius_auth: User username authentication succeeded
pptp: PAM Authentication OK for myname
But, then:
pptp: Attempting PAM account checks
userauth: Localdb: authorization not enabled on group:(junk characters),service:pptp
pptp: PAP peer authentication failed for myname
pptp: Localdb:authorization failed as group is NULL
pptp: PAM account checks failed: 6: permission denied.
Help?
02-18-2019 10:11 AM
Nothing? I am running latest firmware.
11-08-2019 12:18 AM
Hi,
I have the same issue. I have configured RADIUS but it seems not to work. I got these logs:
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.90.1 port 35826, id=208, length=79
User-Name = "cisco"
User-Password = "cisco"
NAS-IP-Address = 192.168.90.1
NAS-Identifier = "weblogin"
NAS-Port = 22956
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "cisco", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry cisco at line 151
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "cisco"
[pap] Using clear text password "cisco"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 208 to 192.168.90.1 port 35826
Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Finished request 0.
Going to the next request
It seems everything is good here. The configuration is:
client.conf
client 192.168.90.1 {
    secret = secretkey
    nastype = cisco
    shortname = tendoRouter
}
cisco Cleartext-Password := "cisco"
    Service-Type = NAS-Prompt-User,
    Cisco-AVPair = "shell:priv-lvl=15"
Syslog says:
weblogin - - [meta sequenceId="27"] Localdb:authorization failed as group is NULL
Could you tell me where the issue is?
11-29-2019 01:01 AM
Hi, we found how to fix that issue.
First we need to go into the groups in Cisco, then you need to create a group, let's say with the name readonlygroup, and on this group we need to select a permission, let's say readonly with login or whatever.
Then we need to go into users in RADIUS, and the settings should be:
Userreadonly Cleartext-Password := "passreadonly"
    Service-Type = NAS-Prompt-User,
    Class = readonlygroup,
    Cisco-AVPair = "shell:roles=network-admin vdc-admin vdc-operator"
The most important setting is Class = readonlygroup; that class says which group the user should be assigned to.
If your group in Cisco has the name GROUPEXAMPLE, you need to change it to Class = GROUPEXAMPLE.
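As an added example (not from the posts above and not Cisco or FreeRADIUS code): a small Python check that reads FreeRADIUS debug output, collects the reply attributes of each Access-Accept, and reports whether a Class value is present and matches a group defined on the device, which is the condition the last post identifies. The sample log, the DEVICE_GROUPS set and the function names are constructed for illustration; the hex handling assumes the server may print Class as a 0x-prefixed octet string.

```python
import re

# Constructed sample, modelled on the debug output quoted in the thread.
SAMPLE_DEBUG = """\
Sending Access-Accept of id 208 to 192.168.90.1 port 35826
    Service-Type = NAS-Prompt-User
    Cisco-AVPair = "shell:priv-lvl=15"
Finished request 0.
Sending Access-Accept of id 209 to 192.168.90.1 port 35827
    Class = 0x726561646f6e6c7967726f7570
Sending Access-Accept of id 210 to 192.168.90.1 port 35828
    Class = "admins"
"""
DEVICE_GROUPS = {"readonlygroup"}  # assumed: group names created on the device

ACCEPT_RE = re.compile(r"^Sending Access-Accept of id (\d+) to (\S+) port \d+")
ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_accepts(debug_text):
    """Return one dict per Access-Accept: id, NAS address, reply attributes."""
    accepts, current = [], None
    for line in debug_text.splitlines():
        m = ACCEPT_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "nas": m.group(2), "attrs": {}}
            accepts.append(current)
            continue
        a = ATTR_RE.match(line) if current is not None else None
        if a:
            current["attrs"].setdefault(a.group(1), []).append(a.group(2))
        else:
            current = None  # any non-attribute line ends the reply block
    return accepts

def check_class(accept, device_groups):
    """Say whether the reply names a group that exists on the device."""
    values = accept["attrs"].get("Class", [])
    if not values:
        return "no Class in reply: device has no group to authorize against"
    name = values[0]
    if name.startswith("0x"):  # Class is an octets attribute; may print as hex
        name = bytes.fromhex(name[2:]).decode("utf-8", "replace")
    if name not in device_groups:
        return f"Class '{name}' does not match any device group"
    return f"ok: user maps to group '{name}'"

if __name__ == "__main__":
    for acc in parse_accepts(SAMPLE_DEBUG):
        print(acc["id"], acc["nas"], check_class(acc, DEVICE_GROUPS))
```

Run against the first log in the thread, the check reports the missing Class for request id 208, which lines up with the "group is NULL" syslog message.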