FreeRadius with 3COM

by Rafael Fernandes-3

Hi all,
 
I'm in trouble. I need to authenticate a 3COM 4210 switch with freeradius.
The 3COM sends the message and the freeradius answers with accept as above:
Sending Access-Accept of id 21 to 172.21.23.2 port 5001
        Framed-Compression := None
        Service-Type := Login-User
        Framed-Protocol := PPP
        Framed-MTU := 1500
 
But 3COM gives "Login Failed"
 
Can anybody give me some help?
 
Thanks,
 
Rafael Fernandes

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius with 3COM

by Bjørn Mork

Rafael Fernandes <rafaelmsf@...> writes:

> I'm in trouble. I need to authenticate a 3COM 4210 switch with freeradius.
> The 3COM sends the message and the freeradius answers with accept as above:
> Sending Access-Accept of id 21 to 172.21.23.2 port 5001
>         Framed-Compression := None
>         Service-Type := Login-User
>         Framed-Protocol := PPP
>         Framed-MTU := 1500
>
> But 3COM gives "Login Failed"

I don't know that switch, but it probably expects a reply with

  Service-Type := NAS-Prompt-User

or

  Service-Type := Administrative-User

and none of the Framed-* attributes.  Although sending those probably
won't harm.


Bjørn
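
As an added illustration of the reply suggested above (not part of the original thread): a small Python check that reads FreeRADIUS debug output and flags Access-Accept replies whose Service-Type is not one of the two values named in that reply, or that carry Framed-* attributes. The function names and the second, corrected reply in the sample are constructed for this example.

```python
import re

# Service-Type values the reply above suggests for a switch management login.
MGMT_SERVICE_TYPES = {"NAS-Prompt-User", "Administrative-User"}
HEADER = re.compile(r"^Sending Access-Accept of id (\d+) to (\S+) port (\d+)")
ATTR = re.compile(r"^\s+([\w-]+)\s*:?=\s*(.+?)\s*$")

def parse_accepts(debug_text):
    """Collect each Access-Accept in debug output together with its attributes."""
    replies, current = [], None
    for line in debug_text.splitlines():
        head = HEADER.match(line)
        if head:
            current = {"id": int(head.group(1)), "nas": head.group(2), "attrs": {}}
            replies.append(current)
        elif current is not None:
            attr = ATTR.match(line)
            if attr:
                current["attrs"][attr.group(1)] = attr.group(2)
            else:
                current = None  # first non-attribute line ends the packet
    return replies

def audit_mgmt_reply(reply):
    """Findings for an Access-Accept that answers a switch management login."""
    findings = []
    stype = reply["attrs"].get("Service-Type", "(missing)")
    if stype not in MGMT_SERVICE_TYPES:
        findings.append(f"Service-Type {stype} is not a management login type")
    framed = sorted(a for a in reply["attrs"] if a.startswith("Framed-"))
    if framed:
        findings.append("Framed-* attributes present: " + ", ".join(framed))
    return findings

# Reply from the first post, followed by a constructed corrected reply.
SAMPLE = """Sending Access-Accept of id 21 to 172.21.23.2 port 5001
        Framed-Compression := None
        Service-Type := Login-User
        Framed-Protocol := PPP
        Framed-MTU := 1500
Sending Access-Accept of id 22 to 172.21.23.2 port 5001
        Service-Type := NAS-Prompt-User
"""

if __name__ == "__main__":
    for r in parse_accepts(SAMPLE):
        print(r["id"], r["nas"], audit_mgmt_reply(r) or "ok")
```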


Re: FreeRadius with 3COM

by tnt-5

On Fri, 6 Nov 2009 13:44:11 -0300, Rafael Fernandes <rafaelmsf@...>
wrote:

> Hi all,
>
> I'm in trouble. I need to authenticate a 3COM 4210 switch with freeradius.
> The 3COM sends the message and the freeradius answers with accept as above:
> Sending Access-Accept of id 21 to 172.21.23.2 port 5001
>         Framed-Compression := None
>         Service-Type := Login-User
>         Framed-Protocol := PPP
>         Framed-MTU := 1500
>
> But 3COM gives "Login Failed"
>
> Can anybody give me some help?

Switch users guide. It will tell you what attributes and what values to
return.

Ivan Kalik
Kalik Informatika ISP


Re: FreeRadius with 3COM

by Bjørn Mork

tnt@... writes:
> On Fri, 6 Nov 2009 13:44:11 -0300, Rafael Fernandes <rafaelmsf@...>
> wrote:
>
>> Can anybody give me some help?
>
> Switch users guide. It will tell you what attributes and what values to
> return.

Really?  That would be most unusual.


Bjørn


Re: FreeRadius with 3COM

by Diego-57

Hi
In the case of work
Shared  the configuration we

Thanks




2009/11/6 Bjørn Mork <bjorn@...>
> Rafael Fernandes <rafaelmsf@...> writes:
>
>> I'm in trouble. I need to authenticate a 3COM 4210 switch with freeradius.
>> The 3COM sends the message and the freeradius answers with accept as above:
>> Sending Access-Accept of id 21 to 172.21.23.2 port 5001
>>         Framed-Compression := None
>>         Service-Type := Login-User
>>         Framed-Protocol := PPP
>>         Framed-MTU := 1500
>>
>> But 3COM gives "Login Failed"
>
> I don't know that switch, but it probably expects a reply with
>
>  Service-Type := NAS-Prompt-User
>
> or
>
>  Service-Type := Administrative-User
>
> and none of the Framed-* attributes.  Although sending those probably
> won't harm.
>
>
> Bjørn



--
^^^^^^^^^^^^^^^^^^^|
|Linux band wagon|"""";...,___
|_...._....____===|___|__|...,]
"(@)'(@)""""*|(@)(@ )****(@)


Re: FreeRadius with 3COM

by Alan DeKok-2

Bjørn Mork wrote:
> tnt@... writes:
>> Switch users guide. It will tell you what attributes and what values to
>> return.
>
> Really?  That would be most unusual.

  The documentation from normal switch vendors includes instructions on
how to configure the switch.  e.g. from the CLI, or from RADIUS.

  If the documentation does not contain instructions for how to
configure the switch, you should throw it in the garbage, and buy a
switch from a real vendor.

  Alan DeKok.

Re: FreeRadius with 3COM

by Bjørn Mork

Alan DeKok <aland@...> writes:
> Bjørn Mork wrote:
>> tnt@... writes:
>>> Switch users guide. It will tell you what attributes and what values to
>>> return.
>>
>> Really?  That would be most unusual.
>
>   The documentation from normal switch vendors includes instructions on
> how to configure the switch.  e.g. from the CLI, or from RADIUS.

Yes.  But usually that documentation is limited to how you configure
radius server address, port and key, and sometimes timeouts and/or
failover strategy.  VSAs are also usually documented.  But the standard
RFC attributes and their meaning to the switch/router are rarely
documented in my experience.

Now, you could argue that those attributes are documented in RFCs which
the documentation most often will refer to, which of course is correct.
But the fact is that the answer to this particular question isn't very
obvious the first time you configure management access to a switch (or
router or access point or whatever).  And we've all been there.  Some of
us were lucky and inherited a working configuration a decade ago.  Some
are not so lucky.

I may be wrong (please prove me so!), but I don't think pointing to the
switch documentation will ever help if you got the Service-Type wrong.

>   If the documentation does not contain instructions for how to
> configure the switch, you should throw it in the garbage, and buy a
> switch from a real vendor.

Oh, the documentation does contain instructions for how to configure the
switch.  But in vendor language "configure the switch" means using the
CLI or web GUI.  Interpretation of standard RADIUS attributes, or any
other protocol for that sake, is not considered part of the configuration.
So you will know how to configure the switch, but you just don't know
how to configure the other end.  From the switch vendor's point of view,
that is part of the RADIUS server documentation.



Bjørn


Re: FreeRadius with 3COM

by Alan DeKok-2

Bjørn Mork wrote:
> Oh, the documentation does contain instructions for how to configure the
> switch.  But in vendor language "configure the switch" means using the
> CLI or web GUI.  Interpretation of standard RADIUS attributes, or any
> other protocol for that sake, is not considered part of the configuration.
> So you will know how to configure the switch, but you just don't know
> how to configure the other end.  From the switch vendor's point of view,
> that is part of the RADIUS server documentation.

  If administrator logins can be controlled via RADIUS, that is
generally documented, in my experience.  This includes instructions on
what attributes to send in a RADIUS packet.  Sometimes, it even includes
sample FreeRADIUS configurations.

  If the vendor can't do that, I don't see why anyone should pay a few
thousand for their product.

  Alan DeKok.

Re: FreeRadius with 3COM

by Guk Victor

Configuration guide 3com switch 4210 family:
http://support.3com.com/documents/switches/4210/3Com_Switch4210_Configuration_Guide.pdf
Pages 223, 802.1x Configuration.

Re: FreeRadius with 3COM

by Rafael Fernandes-3

Hi All,

Thanks. Now the 3COM is authenticating on freeradius.
But I don't know how to set different priorities for users.
My 3COM is a 4210 and has 3 levels of priority.

Does anybody know how to send the level of priority by freeradius?

Thanks.

2009/11/9 Guk Victor <v.guk@...>
> Configuration guide 3com switch 4210 family:
> http://support.3com.com/documents/switches/4210/3Com_Switch4210_Configuration_Guide.pdf
> Pages 223, 802.1x Configuration.

Re: FreeRadius with 3COM

by tnt-5

> Thanks. Now the 3COM is authenticating on freeradius.
> But I don't know how to set different priorities for users.
> My 3COM is a 4210 and has 3 levels of priority.
>
> Does anybody know how to send the level of priority by freeradius?

Have you tried the guide?

>> Configuration guide 3com switch 4210 family:
>>
>> http://support.3com.com/documents/switches/4210/3Com_Switch4210_Configuration_Guide.pdf

If it's not in there - ask 3Com. They should know how to configure their
equipment. Probably some VSA.

Ivan Kalik
Kalik Informatika ISP


Re: FreeRadius with 3COM

by Rafael Fernandes-3

Yes, I used the guide. But it only says to use a vendor-specific attribute and doesn't say the value of this attribute.
I called 3COM before sending this e-mail.
But my switch is more than 3 months old, so the support can't help me, because the support guarantee has already expired.

So, if anyone has any idea to help me.

Thanks

2009/11/10 <tnt@...>
>> Thanks. Now the 3COM is authenticating on freeradius.
>> But I don't know how to set different priorities for users.
>> My 3COM is a 4210 and has 3 levels of priority.
>>
>> Does anybody know how to send the level of priority by freeradius?
>
> Have you tried the guide?
> If it's not in there - ask 3Com. They should know how to configure their
> equipment. Probably some VSA.
>
> Ivan Kalik
> Kalik Informatika ISP

Re: FreeRadius with 3COM

by Rakotomandimby Mihamina-3

11/11/2009 01:42 PM, Rafael Fernandes:
> So, if anyone has any idea to help me.

http://www.google.com/search?q=3com+forum

--
       IT Architect at Blueline/Gulfsat:
    System Administration, Research & Development
                                    +261 33 11 207 36

Re: FreeRadius with 3COM

by Guk Victor


> Hi All, thanks. Now the 3COM is authenticating on freeradius. But I
> don't know how to set different priorities for users. My 3COM is a 4210
> and has 3 levels of priority. Does anybody know how to send the level
> of priority by freeradius? Thanks.
If I got you right, you need access to the switch for management:
console, telnet, web. Then do the following:
#
local-user admin
 password simple YOUR_PASSWPRD
 service-type ssh telnet terminal
 level 3
#
user-interface aux 0 7
 authentication-mode password
 set authentication password simple YOUR_PASSWPRD
user-interface vty 0 4
 authentication-mode password
 user privilege level 3
 set authentication password simple YOUR_PASSWPRD
#

Re: FreeRadius with 3COM

by Rafael Fernandes-3

Thanks Guk,

but I need this level of priority to be based on freeradius, not set for local users.
In other words, when a user "test" tries to authenticate on the switch, the freeradius has to answer with Accept and pass the priority level of "test".
And the 3COM switch has to understand and set the correct level for user "test".

Any ideas?

Thanks

2009/11/12 Guk Victor <v.guk@...>

>> Hi All, thanks. Now the 3COM is authenticating on freeradius. But I
>> don't know how to set different priorities for users. My 3COM is a 4210
>> and has 3 levels of priority. Does anybody know how to send the level
>> of priority by freeradius? Thanks.
> If I got you right, you need access to the switch for management:
> console, telnet, web. Then do the following:
> #
> local-user admin
>  password simple YOUR_PASSWPRD
>  service-type ssh telnet terminal
>  level 3
> #
> user-interface aux 0 7
>  authentication-mode password
>  set authentication password simple YOUR_PASSWPRD
> user-interface vty 0 4
>  authentication-mode password
>  user privilege level 3
>  set authentication password simple YOUR_PASSWPRD
> #