I am attempting to configure our Omniswitch 6850s to use our RADIUS server to authenticate over SSH but am not having much luck. I have configured the switch to use our RADIUS server and turned on RADIUS authentication for SSH but I still cannot connect. The command I used to configure the RADIUS server is:
aaa radius-server "RADIUS" host [IP Address] key [password] retransmit 3 timeout 2
and the command to enable it on SSH is
aaa authentication ssh "RADIUS"
Now I can see the switch pass the request to my RADIUS server and it sends back a granted access message but on the switch it says "Authentication failed". I think it has something to do with no end user profiles set up but I can't find anywhere in the documentation what attribute the RADIUS server should be sending back with the profile name in it. Has anyone set up their omniswitches to use RADIUS for authentication?
Using RADIUS for switch authentication
-
Bras
Re: Using RADIUS for switch authentication
1)attributes in radius-reply:
Alcatel-Acce-Priv-F-W1 = 0xffffffff,
Alcatel-Acce-Priv-F-W2 = 0xffffffff,
Alcatel-Asa-Access = all,
Auth-Type = Local,
Service-Type = Shell-User
============================
2)in dictionary file:
#$INCLUDE dictionary.xylan
3)you should add file "dictionary.alcatel":
#
# Alcatel Broadband Access Server dictionary.
#
# Version: 1.00 10-July-2002 Lasse Johnsen <lassejohnsen@bulldogcommunications.com>
# $Id: dictionary.alcatel,v 1.3 2004/02/16 22:33:10 aland Exp $
#
VENDOR Alcatel 800
#
# Alcatel Vendor Specific Extensions
#
#
ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel
ATTRIBUTE Alcatel-Slot-Port 2 string Alcatel
ATTRIBUTE Alcatel-Time-of-Day 3 string Alcatel
ATTRIBUTE Alcatel-Client-IP-Addr 4 ipaddr Alcatel
ATTRIBUTE Alcatel-Group-Desc 5 string Alcatel
ATTRIBUTE Alcatel-Port-Desc 6 string Alcatel
ATTRIBUTE Alcatel-Profil-Numb 7 integer Alcatel
ATTRIBUTE Alcatel-Auth-Group-Protocol 8 string Alcatel
ATTRIBUTE Alcatel-Asa-Access 9 string Alcatel
ATTRIBUTE Alcatel-Access-Priv 16 integer Alcatel
ATTRIBUTE Alcatel-Acce-Priv-R1 33 integer Alcatel
ATTRIBUTE Alcatel-Acce-Priv-R2 34 integer Alcatel
ATTRIBUTE Alcatel-Acce-Priv-W1 35 integer Alcatel
ATTRIBUTE Alcatel-Acce-Priv-W2 36 integer Alcatel
ATTRIBUTE Alcatel-Acce-Priv-G1 37 integer Alcatel
ATTRIBUTE Alcatel-Acce-Priv-G2 38 integer Alcatel
ATTRIBUTE Alcatel-Acce-Priv-F-R1 39 octets Alcatel
ATTRIBUTE Alcatel-Acce-Priv-F-R2 40 octets Alcatel
ATTRIBUTE Alcatel-Acce-Priv-F-W1 41 octets Alcatel
ATTRIBUTE Alcatel-Acce-Priv-F-W2 42 octets Alcatel
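As an added example (not part of the original posts): a Python check that decodes the Alcatel vendor-specific attributes (vendor 800, sub-attributes 9, 41 and 42 from the dictionary above) out of a RADIUS Access-Accept and reports which attributes from the reply list are absent. The helper names and the sample packet are constructed for illustration.

```python
import struct

ALCATEL_VENDOR_ID = 800                  # "VENDOR Alcatel 800" in the posted dictionary
VENDOR_SPECIFIC, ACCESS_ACCEPT = 26, 2   # RFC 2865 attribute type and packet code
# Sub-attribute numbers and types copied from the posted dictionary.alcatel
ALCATEL_ATTRS = {
    9: ("Alcatel-Asa-Access", "string"),
    41: ("Alcatel-Acce-Priv-F-W1", "octets"),
    42: ("Alcatel-Acce-Priv-F-W2", "octets"),
}
# The three Alcatel attributes in the posted radius-reply list
WANTED = ["Alcatel-Acce-Priv-F-W1", "Alcatel-Acce-Priv-F-W2", "Alcatel-Asa-Access"]

def vsa(vendor_id, vtype, value):
    """Encode one Vendor-Specific attribute (RFC 2865 section 5.26)."""
    body = struct.pack("!I", vendor_id) + bytes([vtype, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def alcatel_vsas(packet):
    """Return {name: value} for the Alcatel VSAs carried in an Access-Accept."""
    length = int.from_bytes(packet[2:4], "big")
    if packet[:1] != bytes([ACCESS_ACCEPT]) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = {}, 20                  # attributes follow the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != ALCATEL_VENDOR_ID:
            continue
        sub = value[4:]                  # one or more vendor sub-attributes
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            name, kind = ALCATEL_ATTRS.get(sub[0], (f"Alcatel-{sub[0]}", "octets"))
            data = sub[2:sub[1]]
            found[name] = data.decode("ascii", "replace") if kind == "string" else "0x" + data.hex()
            sub = sub[sub[1]:]
    return found

def missing_for_reply(found):
    """Names from the posted reply list that the packet does not carry."""
    return [name for name in WANTED if name not in found]

# Constructed sample, not a capture: Access-Accept with a zeroed authenticator.
ATTRS = vsa(800, 41, b"\xff" * 4) + vsa(800, 42, b"\xff" * 4) + vsa(800, 9, b"all")
SAMPLE = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(ATTRS)) + bytes(16) + ATTRS
```

Running `missing_for_reply(alcatel_vsas(payload))` against the UDP payload of a captured Access-Accept shows whether the server's reply actually carries the vendor attributes, which separates a dictionary or reply-list problem on the server from a problem on the switch.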
-
ytmcsa
Re: Using RADIUS for switch authentication
Hi guys,
I am thinking to authenticate all of our omniswitches to a TACACS+ or Radius server. Any of these authentication servers to recommend?
What cmds need to be configured on the switches and server for proper AAA?
Anyone successfully used Cisco ACS Server 4.2 as a Radius or TACACS+ Server to authenticate Omniswitches i.e. 7800 and 9700?
Many Thx!
-
benny
Re: Using RADIUS for switch authentication
I don't recommend the Cisco server - it sucks. (You have to create groups for everything manually ...)
I would go for Radius. (If you want TACACS - the Linux TACACS works perfectly...)
-benny
-
cedric1
Re: Using RADIUS for switch authentication
hello
Look at this place
IAS is working and juniper Funk Steel Belted Radius
http://eforum.esd.alcatel-lucent.com/vi ... 89fa6#p482
Cedric
-
mohammha
Re: Using RADIUS for switch authentication
Hi Gentlemen
can some one explain more to me plz?
I tried but it is not working with me
I have Juniper Radius SBR 5.4
& OS6850 6.3.1
