Kirill Rybakov, 2011-07-04 13:52:54

Switch authorization on Radius?

Good afternoon, Habr!
I am trying to test (so far without success) authentication and accounting of switches (D-Link 3526, firmware 6.10.023) against a RADIUS server (FreeRADIUS 2.1.0 on Ubuntu 11.04).
As planned, the following scheme should work:
1. The subscriber sends an IGMP Join.
2. The switch sees this and sends an authentication request to the RADIUS server (using the subscriber's MAC address as both the username and the password).
3. The RADIUS server replies to the switch that authentication was successful, and the switch starts sending the multicast stream to the subscriber's port.
4. Periodically, and when the channel is switched, the switch sends messages containing accounting information to the RADIUS server.
The goal is to record the use of channels by subscribers. In fact, only accounting is needed.
BUT! The trouble is that authentication fails and, accordingly, no accounting takes place.
Error text in the RADIUS logs:

Wed Jun 22 16:21:23 2011 : Auth: Login incorrect: [001617122639/001617122639] (from client D-link port 20)

So, the login is not correct)))
However, in the Users file, I created this login:
001617122639 Cleartext-Password := "001617122639", NAS-Port == 20, Framed-IP-Address == "239.0.0.1", NAS-IP-Address == "10.10.0.1"

Also, the output of sudo freeradius -X gives the following (such garbage is sent by the switch, which I expected ...):
..............
User-Name = "001617122639"
User-Password = "001617122639"
NAS-IP-Address = 10.10.0.1
NAS-Identifier = "D-Link"
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 20
Framed-IP-Address = 239.0.0.1
..............

My thoughts and additions are as follows:
1. Judging by the logs and by the fact that the login and password are transmitted correctly, I suspect the form of the entry in the Users file. However, I tried enclosing it in quotes and I tried writing it in a column - the same thing.
2. Of course, every time after changing the settings, I restart the service.
3. With a non-numeric login, authentication passes.
4. I tried testing with the radtest utility using this login and password - the same error.
5. I tried, although only briefly, to do the same with the radl utility, and authentication does not work either.
6. Also, looking at the traffic dump, I see that what arrives at the server seems to be correct (as in the output of freeradius -X).
Lord, please help! Thank you.


1 answer(s)
metajiji, 2014-11-20
@metajiji

Check that files is present in:
authorize {
    ...
    files
    ...
}
accounting {
    ...
    files
    ...
    attr_filter.accounting_response # worth checking; maybe something needs to be tweaked.
}
In general, it would be nice to see the full output of the freeradius -X command along with 1 authorization attempt.
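
The check suggested in the answer above, as an added example that is not part of the original thread: a Python script that reads a FreeRADIUS site configuration and reports which of the authorize and accounting sections do not list the files module. The sample configuration is constructed, and the function names section_modules and missing_files are hypothetical.

```python
import re

# Constructed sample of a FreeRADIUS site configuration (not the poster's file).
SAMPLE = """
authorize {
    preprocess
    # files
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    unix
}
accounting {
    detail
    files
    attr_filter.accounting_response
}
"""

def section_modules(text, name):
    """Top-level entries of section `name`, or None if the section is absent."""
    inside, depth, mods = False, 0, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # a commented-out module is not enabled
        if not line:
            continue
        if not inside:
            if re.fullmatch(re.escape(name) + r"\s*\{", line):
                inside, depth = True, 1
            continue
        opens, closes = line.count("{"), line.count("}")
        if depth == 1 and not opens and not closes:
            mods.append(line.split()[0])  # entries in nested blocks are skipped
        depth += opens - closes
        if depth == 0:
            return mods
    return mods if inside else None

def missing_files(text, sections=("authorize", "accounting")):
    """Names of sections that are absent or do not list `files` at top level."""
    return [s for s in sections if "files" not in (section_modules(text, s) or [])]

if __name__ == "__main__":
    for s in missing_files(SAMPLE):
        print("files is not enabled in %s {}" % s)
```

To check a real configuration, pass the text of the site file in use to missing_files instead of SAMPLE.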
