Здравейте колеги,
Имам следния проблем значи до скоро имахме над 300 rv345 бройки работата им да вдигнат по 10 site-to-site- vpn тунела и всичко работи нямат проблем.
За логини ползваме FreeRadius (freeradius-2.2.6-7.) и тук всичко работеше с този Firmware Version: 1.0.00.33 .
Обаче от както го update на Firmware Version: 1.0.03.15 логина умря и не могат да се логнат . Примерно basic конфигурацията при която работи логина на стария Firmware e
client.conf
client 192.168.90.1 {
secret = key
nastype = cisco
shortname = parking
}
user.conf
parking Cleartext-Password := "parking"
Service-Type = NAS-Prompt-User,
Cisco-AVPair = "shell:priv-lvl=15",
Лично аз смятам ,че проблема е в некви групи но вече ден го боря и не виждам светлина
. Да ако някой може да помогне с неква конфигурацията с радост бих я пробвал.
rad_recv: Access-Request packet from host 192.168.90.1 port 58606, id=107, length=78
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 192.168.90.1
NAS-Identifier = "weblogin"
NAS-Port = 22553
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry test at line 200
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "test"
[pap] Using clear text password "test"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 107 to 192.168.90.1 port 58606
User-Service-Type = Login-User
Fortinet-Group-Name = "GRP-one"
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 107 with timestamp +817
Ready to process requests.