Below is an example of setting up SSH authentication via FreeRADIUS with an HPN switch
(Comware 5 & 7 and ProVision).
/etc/freeradius/users:
User-Name = "provision-admin"
User-Password = "password"
NAS-Port-Type = Virtual
Service-Type = Administrative-User

User-Name = "provision-operator"
User-Password = "password"
NAS-Port-Type = Virtual
Service-Type = NAS-Prompt-User
Verify that the attributes defined for the user are present in the RADIUS dictionary:
sudo vi /usr/share/freeradius/dictionary.3com
Verify that the vendor RADIUS attribute file is declared in the dictionary file:
sudo cat /usr/share/freeradius/dictionary | grep dictionary.3Com
$INCLUDE dictionary.3Com
For SSH authentication, edit the following files:
sudo vi /usr/share/freeradius/dictionary.rfc2865
#Login Services
# add the following line:
VALUE Login-Service SSH 50
/usr/local/etc/raddb/users
# can’t have both telnet and ssh
Login-Service = ssh
Much more debug detail can be obtained with the following command:
sudo freeradius -XXX
Open another terminal session to the RADIUS server; the first one is used to watch the debug
output. Test that FreeRADIUS works correctly with “radtest”, without involving the device:
The file “radiusd.conf” must be modified if you want the results of failed or successful
authentications to be logged. By default nothing is logged (“auth = no,
auth_badpass = no, auth_goodpass = no”), so these must be changed to “yes”.
The parameters “auth_badpass” and “auth_goodpass” also display the password that was entered
by the user.
sudo vi /etc/freeradius/radiusd.conf
< . . . >
log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = yes
    auth_badpass = no
    auth_goodpass = no
}
< . . . >
Example Output:
simware@simware:~$ sudo more /var/log/freeradius/radius.log | grep Auth
Fri Dec 5 02:35:06 2014 : Auth: Login OK: [comware5] (from client localhost port 0)
Fri Dec 5 02:35:27 2014 : Auth: Login OK: [comware7] (from client localhost port 0)
Fri Dec 5 02:39:39 2014 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [comware7] (from client localhost port 0)
simware@simware:~$
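The Auth lines above can be checked mechanically for repeated failures and for passwords that ended up in the log. The following is an added example, not part of the original page or of FreeRADIUS. It assumes that with auth_badpass or auth_goodpass set to "yes" the bracketed field takes the form [user/password]; the fourth sample line is constructed to show that case, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: three lines in the format of the page's example output,
# plus one constructed line showing an assumed [user/password] field.
SAMPLE_LOG = """\
Fri Dec 5 02:35:06 2014 : Auth: Login OK: [comware5] (from client localhost port 0)
Fri Dec 5 02:35:27 2014 : Auth: Login OK: [comware7] (from client localhost port 0)
Fri Dec 5 02:39:39 2014 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [comware7] (from client localhost port 0)
Fri Dec 5 02:40:02 2014 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [comware7/example-pw] (from client localhost port 0)
"""

AUTH_RE = re.compile(
    r"^(?P<ts>.+?) : Auth: (?P<result>Login OK|Login incorrect)"
    r"(?: \((?P<reason>.*?)\))?: "
    r"\[(?P<ident>[^\]]*)\] \(from client (?P<client>\S+) port (?P<port>\d+)"
)

def parse_auth_lines(text):
    """Yield one dict per Auth line; all other log lines are skipped."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        # Assumption: a "/" inside the brackets separates user and password.
        # User names that legitimately contain "/" would be flagged as well.
        user, sep, _secret = m.group("ident").partition("/")
        yield {
            "ts": m.group("ts"),
            "ok": m.group("result") == "Login OK",
            "reason": m.group("reason"),
            "user": user,
            "client": m.group("client"),
            "password_logged": bool(sep),  # the secret itself is never kept
        }

def summarize(text):
    """Return (failure count per (user, client), timestamps with a password field)."""
    failures, exposed = Counter(), []
    for ev in parse_auth_lines(text):
        if not ev["ok"]:
            failures[(ev["user"], ev["client"])] += 1
        if ev["password_logged"]:
            exposed.append(ev["ts"])
    return failures, exposed

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Any timestamp returned in the second list means radius.log holds credentials, so auth_badpass and auth_goodpass should be set back to "no" and the log file's permissions and retention reviewed.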