cnMaestro and FreeRadius version 3

Does anyone have any update for this in regards to FreeRadius version 3? I tried these steps and it hits my server fine when I run in debug mode, but it's telling me invalid login via the webpage even though the FreeRadius debug says “access-accept”.

Is the firewall allowing the return packet to the AP?

Yes it is. My firewall is totally disabled in FreeRadius for testing purposes.

Sent Access-Accept Id 122 from ***
(0) Role += “super”
(0) Reply-Message = “Your Role is Super Administrator”
(0) Finished request
Waking up in 4.9 seconds.

The above is what I see at the bottom of my debug. My syntax is correct according to the information given in the forum, so maybe the AP needs updating to a newer version since this is a newer version of FreeRadius perhaps.

Oh sorry I misread - was thinking radius with an AP instead of cnMaestro. Does a tcpdump on the cnMaestro server show the radius return packet?

Yes sir, I did a tcpdump as you alerted by running the command sudo tcpdump --interface any -c5 -nn host xx.xx.xx.xx, which is the IP of the FreeRadius server.

It showed xx.xx.xxx.xx.1812 > xx.xx.x.xx.20446 (cnmaestro ip):Radius, Access-accept (2). So now I'm really confused on why I can't log in.

I got it working now… Thanks for your feedback @rnelson

Great! Would it be possible to post the resolution in case someone else has this issue?

3 Likes

It was just an oversight on my side. Under Users > Authentication Servers, then the Role mappings section in cnMaestro where administrator, monitor, etc. are illustrated… I didn’t have the matching string as I did in FreeRadius. For instance, in FreeRadius I had “administrator” “monitor” “operator”, whereas in cnMaestro it was configured by one of my colleagues to match the wording in AD, such as cnmaestro_administrator and so forth, if that makes sense. So once I changed it to match the string in the FreeRadius server, it worked.

3 Likes
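
The resolution in the last post, as an added example that is not part of the original thread: a small check that pulls the Role values out of FreeRADIUS debug output and compares them with the strings entered in the cnMaestro role mappings. The function names, the sample debug lines and the mapping list are constructed for illustration, and the comparison is assumed to be an exact string match.

```python
import re

# Matches reply lines in FreeRADIUS debug output such as: (0) Role += "super"
# Straight and typographic quotes are both accepted, since pasted output often
# has its quotes rewritten by forum or chat software.
ROLE_LINE = re.compile(r'^\(\d+\)\s+Role\s*\+?=\s*["“”](.*?)["“”]\s*$')

def roles_in_debug(debug_text):
    """Return the Role values FreeRADIUS placed in its replies, in order."""
    roles = []
    for line in debug_text.splitlines():
        m = ROLE_LINE.match(line.strip())
        if m:
            roles.append(m.group(1))
    return roles

def check_role_mappings(debug_text, mapped_strings):
    """Compare each Role value sent by RADIUS with the role-mapping strings.

    Returns {role: (status, hint)} where status is "match", "near-miss"
    (same word with different case or an added prefix/suffix) or "unmapped".
    Assumption: the mapping is compared as an exact string.
    """
    report = {}
    for role in roles_in_debug(debug_text):
        if role in mapped_strings:
            report[role] = ("match", role)
            continue
        low = role.lower()
        near = [s for s in mapped_strings
                if low == s.lower() or low in s.lower() or s.lower() in low]
        report[role] = ("near-miss", near[0]) if near else ("unmapped", None)
    return report

# Constructed sample: three replies as they would appear in debug output.
SAMPLE_DEBUG = """\
Sent Access-Accept Id 7 from 192.0.2.10:1812 to 192.0.2.20:20446
(0)   Role += "administrator"
(0)   Reply-Message = "constructed sample"
(0) Finished request
(1) Role += “monitor”
(2)   Role = "super"
"""
# Constructed sample: strings as entered in the role mappings section.
SAMPLE_MAPPINGS = ["cnmaestro_administrator", "monitor", "cnmaestro_operator"]

if __name__ == "__main__":
    for role, (status, hint) in check_role_mappings(SAMPLE_DEBUG, SAMPLE_MAPPINGS).items():
        print(f"{role!r}: {status}" + (f" (configured as {hint!r})" if status == "near-miss" else ""))
```

A "near-miss" or "unmapped" result alongside an Access-Accept in the packet capture is the situation described in this thread: the RADIUS server authenticated the user, but the role string it returned does not match any configured mapping.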