I'm trying to set up PacketFence to provide RADIUS authentication to our HP
switches. The one I'm testing on has a 5406 chassis. I've got PacketFence
talking to our OpenLDAP directory, and authenticating admin access to
PacketFence based on a MemberOf group.

I've added the switch by IP in PF, enabled CLI/VPN, configured the RADIUS
secret, and configured the switch to use RADIUS for telnet access (we don't
usually use telnet, but this way I can test RADIUS without breaking ssh
access). I'm tailing the radius.log file and can see the switch attempt to
authenticate, verify the user and credentials successfully, with no errors
on the PacketFence RADIUS side, but the switch fails to authenticate with
the following message:

"Access denied: no user's authorization info supplied by the RADIUS server"

I have tried it with "aaa authentication login privilege-mode" enabled and
disabled and the result is the same.

I'm not sure what I'm doing wrong. Any suggestions?

On the switch, show authentication looks like this:
show authentication

 Status and Counters - Authentication Information

  Login Attempts : 3
  Lockout Delay : 0
  Respect Privilege : Disabled

              | Login      Login        Login
  Access Task | Primary    Server Group Secondary
  ----------- + ---------- ------------ ----------
  Console     | Tacacs                  Local
  Telnet      | Radius     radius       None
  Port-Access | Local                   None
  Webui       | Radius     radius       Local
  SSH         | Tacacs                  Local
  Web-Auth    | ChapRadius radius       None
  MAC-Auth    | ChapRadius radius       None
  SNMP        | Local                   None

              | Enable     Enable       Enable
  Access Task | Primary    Server Group Secondary
  ----------- + ---------- ------------ ----------
  Console     | Tacacs                  Local
  Telnet      | Radius     radius       None
  Webui       | Radius     radius       Local
  SSH         | Tacacs                  Local
CIAN PHILLIPS Senior Security & Infrastructure Engineer
[email protected] | o 510.594.3745 | m 510.316.2586
1111 Eighth St. | San Francisco, CA | 94107
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users