[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Modifying outgoing device name attribute
From: Alan DeKok <aland () deployingradius ! com>
Date: 2023-06-02 19:01:04
Message-ID: 16A6F472-2430-47B0-9DAF-9CB8608C9567 () deployingradius ! com
[Download RAW message or body]
On May 31, 2023, at 12:26 PM, Kenny Simpson <kcg_simpson@msn.com> wrote:
> We are using freeradius to proxy authentication from Fortinet to freeradius to \
> cisco acs. We are now stumped on how to get it to authenticate properly. We can \
> see in the Cisco ACS logs that the device is being authenticated and that it is \
> matching the appropriate access service but it is failing on shared secret
*What* is failing on the shared secret?
You have 3 different systems. You haven't said which one is failing.
> even though we know that the shared secret is correct and that the password for the \
> user is correct.
The shared secret is clearly *not* correct if it's failing on the shared secret.
> Looking at the logs its says that the client is the incoming proxy server with its \
> name and ip address as this is what is in the client.
*What* says this?
Please be specific. The more vague you are, the harder it is to help you.
> It has the NAS IP correctly defined but I am thinking that because the device name \
> and ip are different to the NAS IP then its failing as the actual proxied \
> connection has a different secret.
*What* is doing this?
> Is there anyway of modifying the out going "device name attribute and ip" to match \
> that of the client configuration.
Where?
If Cisco ACS is failing, then ask Cisco how their product works. We didn't write \
ACS, and we know nothing about it.
If FreeRADIUS is failing, then post the debug logs as suggested by ALL of the \
documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic