RADIUS-Attributes

Hello,

as described in the knowledge base the Digi CM are capable of recognizing the “Service-Type”-Attribute. Is it possible to assign “User” and “PortAdmin” permissions by this?

Additionally, is there a reason for the “NAS-IP”-Attribute to be always set to “255.255.255.255” in Access-Requests?

I’m currently using FW 1.7.0 on Digi CM 8/16/32.

RADIUS Attributes. For Port admin privledges to the WEB & configmenu. The only way to do this is to add a local user on the CM. Add a user & password for “John” to the CM as a Port admin. The corresponding user “John” on the RAD server should match with a unique password.

For using the “NAS-IP” you need to do the following. We should be addressing this in our next release.

The host name has been used for the NAS-IP-Address. Users will be able to get the NAS-IP-Address by replacing nas=hostname at the radtest script with
nas=ifconfig eth0 | sed -n '/inet/p' | sed -e 's/addr://' -e 's/inet//' -e 's/Bcast.*$//' .

Users can get the NAS-IP-Address without modification if the host name is the IP address.

Thanks for your reply.

The line " nas=hostname " seems to make no sense. The NAS-IP can carry only 4 bytes. In default configuration where the hostname is ‘Digi_CM_Device’ this results in a NAS-IP set to ‘255.255.255.255’.
For submitting the hostname or FQDN the RADIUS-Protocol provides the “NAS-Identifier” attribute which should be used instead.

I’d like to see this changed in the next firmware release, since replacing radtest on every boot by rc.user is not a permanent solution.

The NAS-IP is a failure and will be fixed in our next release.

We are looking into adding more RADIUS attributes in upcoming releases NAS-Identifier being one of them.

> We are looking into adding more RADIUS attributes in upcoming releases NAS-Identifier being one of them.

Another point on my list of wishes for further FW-releases would be the ability to use more characters for the shared secrets. So if its maybe just one line of code to change it would be nice to…

I’m still wondering about the Serevice-Type Attribute: Which value should be set by the server? Does it make any difference at all?

Thank you for support.