This post is more than 5 years old
1 Rookie
•
28 Posts
0
1547
April 25th, 2019 14:00
Using RADIUS VSAs for RBAC
Does anyone have this working?
<ADMIN NOTE: Broken link has been removed from this post by Dell>
If so, what OID are you using for the Force10-avpair attribute?
I'm 99% convinced that this doesn't work at all. No one from Dell can even tell me what the OID is. (Of course, that could be because no one at Dell support seems to even know what RADIUS or VSAs are.)
0 events found
No Events found!
NoOneOfConsequence
1 Rookie
•
28 Posts
0
April 26th, 2019 17:00
So the answer is (apparently) that the ID ("vendor type" in RFC 2865) doesn't matter. The switch only looks at the vendor ID (maybe) and the contents of the VSA value (string).
Of course, this fact isn't documented anywhere, so I'm not sure how people setting up RADIUS servers are supposed to know what value to use for the vendor type.
The good news is that this does work, once one creates an authorization method list and adds it to the terminal lines. Too bad this isn't mentioned here.
<ADMIN NOTE: Broken link has been removed from this post by Dell>