[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Modifying outgoing device name attribute
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2023-06-02 19:01:04
Message-ID: 16A6F472-2430-47B0-9DAF-9CB8608C9567 () deployingradius ! com
[Download RAW message or body]

On May 31, 2023, at 12:26 PM, Kenny Simpson <kcg_simpson@msn.com> wrote:
> We are using freeradius to proxy authentication from Fortinet to freeradius to \
> cisco acs.  We are now stumped on how to get it to authenticate properly.  We can \
> see in the Cisco ACS logs that the device is being authenticated and that it is \
> matching the appropriate access service but it is failing on shared secret

  *What* is failing on the shared secret?

  You have 3 different systems.  You haven't said which one is failing.

> even though we know that the shared secret is correct and that the password for the \
> user is correct.

  The shared secret is clearly *not* correct if it's failing on the shared secret.

> Looking at the logs its says that the client is the incoming proxy server with its \
> name and ip address as this is what is in the client.

  *What* says this?

  Please be specific.  The more vague you are, the harder it is to help you.

> It has the NAS IP correctly defined but I am thinking that because the device name \
> and ip are different to the NAS IP then its failing as the actual proxied \
> connection has a different secret.

  *What* is doing this?

> Is there anyway of modifying the out going "device name attribute and ip" to match \
> that of the client configuration.

  Where?

  If Cisco ACS is failing, then ask Cisco how their product works.  We didn't write \
ACS, and we know nothing about it.

  If FreeRADIUS is failing, then post the debug logs as suggested by ALL of the \
documentation.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]