Unable to get privileges in freeradius server with Quidway AR 28-09 router

[R.Dravid]

Hi, i have recently configured Quidway AR 28-09 router with all radius lines. And when i was logging into the router with username and password configured in the radius server, i was not able to get the privileges that i have made, in other words i would say they doesn't work the way i have expected.

For example I am sending the attribute "Huawei-Exec-Privilege" := 1 and :=3 but as a result they doesn't work at all….along with this if i lose connectivity with the radius server somehow so after that I cannot make use of the local user, and I don´t know why exactly, any suggestion for resolving this will be appreciated.

[Caelyn]

First of all will you please let me know What is the type of RADIUS server you are using ? concerning that i could suggest you the solution for the same.

[AmaF]

For example I am sending the attribute "Huawei-Exec-Privilege" := 1 and :=3 but as a result they doesn't work at all….along with this if i lose connectivity with the radius server somehow so after that I cannot make use of the local user, and I don´t know why exactly, any suggestion for resolving this will be appreciated.

See first, I would like to let you know as the above mentioned issue like you are not able to make use of local server, so let me tell you as this issue should happen because of use " authentication-mode scheme domain system " beneath the " user-interface vty 0 4 " which actually force the the router to pursue the domain and within the domain all commands for RADIUS server only.

Thus according to me for resolving this you need to modify the VTY as per the below mentioned values.

user-interface vty 0
authentication-mode scheme domain sustem
User-interface vty 1 4
authentication-mode local.

Once you completed with the same so, you have one vty 0 for radius test and vty from 1 to 4 for local user login.

[Bjork]

I don’t know exactly which kind of parameters you have set but still according to me you should first make sure you have to edit the parameters for authorization is ht eRADIUS server. And along with this the second this that you have to verify is like ensure you have to add the authorization commands to the router that you have entered or not? because the router will know that there is authorization server and rules has to take will be concerned about it .

[shetty]

well, if you are still pursuing the same problem then it might be possible like the configuration that you have done on the router for the server will not be correct thus simply to resolve this it would be better if you simply reconfigure it. See over here let me tell you as if you are not aware about the configuring the router settings then you can simply make use of the manual given to you, or else it would be better to approach and good engineer for the same rather than configuring on your own.

In addition, as far as configuring the router is concerned let me suggest you as you should not try to overwrite the settings on the one that you have previously configured rather it would be better to reset the setting first and then configure it.

[R.Dravid]

I don’t know exactly which kind of parameters you have set but still according to me you should first make sure you have to edit the parameters for authorization is ht eRADIUS server. And along with this the second this that you have to verify is like ensure you have to add the authorization commands to the router that you have entered or not? because the router will know that there is authorization server and rules has to take will be concerned about it .

Hey thanks for the suggestion as i have fixed my first issue after verifying all this thing and see i have mentioned it properly by means of steps.

Authentication is successful.

Accounting is succesful.

And when it come to the Authorization, while I log in the router, the freeradius send "Huawei-Exec-Privilege" variable with 1 for user privileges and 3 for super privileges, but for all time i log in with user privileges. And you must have gotten as I am having problem only with the authorization. Any more suggestion left? And thanks for the above one.

[sameer22]

ok, that’s fine but still can you please let us know what configuration you have done on your router so that i could assist you with the settings and the value for each parameter.

[Rust-18]

I am not sure whether there is some problem with the router settings that you have done or with the radious server, but still according to me if you are sure about the settings then why don’t you try to reconfigure the radious server settings? Because see if there will be some problem with your existing setting then it will be resolved for sure. In fact if you wanted to know further information regarding settings you can simply visit to their official website.