Good afternoon, I'm struggling to define privileges to users PTP800 in dictionary Freeradius. I can not find the reference of Cambium dictionaries for Freeradius, how could proceed?
The user privilege is sent from the RADIUS server to the PTP 800 CMU as a vendor-specific attribute called auth-role, in a message based on the Cambium Vendor ID. Details are in the PTP 800 Series User Guide in section "Planning for RADIUS operation". We don't provide a dictionary file for FreeRADIUS, but if it helps, we can share the file we use when testing PTP 500 with our FreeRADIUS server.
Hi, Mark!
If you could share the file it would really help me and many others I believe!
Thank you!
This is the dictionary entry we use in testing with FreeRADIUS:
VENDOR Cambium-Networks 17713
BEGIN-VENDOR Cambium-Networks
ATTRIBUTE Cambium-Networks-Auth-Role 1 integer
VALUE Cambium-Networks-Auth-Role invalid-role 0
VALUE Cambium-Networks-Auth-Role readonly-role 1
VALUE Cambium-Networks-Auth-Role system-admin-role 2
VALUE Cambium-Networks-Auth-Role security-officer-role 3
VALUE Cambium-Networks-Auth-Role deliberately-bad-role 4
END-VENDOR Cambium-Networks
This provides the server with the defintion of the vendor-specific attribute (VSA).
You will also have to add the Auth-Role property to the user accounts.
Hi, Mark!
It is working as expected here in my lab test!
Thank you!
Excellent. That's good news!
The defined value for a deliberately bad role was purely for testing and is, of course, not needed in your deployment. That is unless you also want to test this aspect.
Could you provide some details and/or a screenshot of how you set the privileges for a user account in FreeRADIUS?
Thanks, Mark