|
|
|
|
|
Question |
We are using free RADIUS 3.0.1 and are having difficulty getting IPMI to authenticate with it.
We tried to follow the documentation at http://www.supermicro.com/manuals/other/SMT_IPMI_Manual.pdf
But had to make the following modifications to get it to authenticate:
/etc/raddb/users file containing:
rob Cleartext-Password := "test123"
Vendor-Specific = "H=4, I=4"
After successful authentication, freeRADIUS displays the following error (and of course I'm returned to the IPMI login screen ):
Vendor-Specific = UNKNOWN-TYPE
(0) ERROR: Failed sending reply: ERROR: Unknown attribute type 21
It appears that we need to encode a vendor id, sub attribute id, attribute format, and the data. We're assuming that the data is "H=4, I=4", but what do we use for the Vendor ID, sub-attribute ID, and format?
|
|
Answer |
On pages 9 and 10 it gives the following example:
"radius_admin" User-Password == "123456"
Vendor-Specific = "H=4, I=4"
In FreeRadius 2.1.12, it should be:
"radius_admin" Cleartext-Password := "123456"
Vendor-Specific = "H=4, I=4"
HOWEVER, the "Vendor-specific" attribute is no longer supported by the RFC, which is why I was unable to get it to work in FreeRadius 3.0.4.
In FreeRadius >= 3.0.4 it should be:
"radius_admin" Cleartext-Password := "123456"
Attr-26 = 0x483D342C20493D34
(where the 0xblahblah) is the hex-encoding of the "H=4, I=4" string.
others are here:
Callback H=1, I=1 Attr-26 = 0x483D312C20493D31
User H=2, I=2 Attr-26 = 0x483D322C20493D32
Operator H=3, I=3 Attr-26 = 0x483D332C20493D33
Administrator H=4, I=4 Attr-26 = 0x483D342C20493D34
|
|
|
FAQ Stats |
FAQ ID |
Related Category / Keyword |
Date Posted |
Code |
22374 |
Hardware Monitoring:
- IPMI
|
01/29/16 |
|
Print Answer
|
|
|
|
|
|
|