Comware

 View Only

  • 1.  3Com 5500 EI Radius Failover to local

    Posted Aug 29, 2014 12:12 PM

    Hello, 

     
    Yesterday I finally got my freeradius server playing nicely with a 3Com 5500 EI, thanks in no small part to the great posts in this forum. 
     
    I know that it possible to have a primary and a secondary radius sever set up in the same radius scheme (example config below).  
    #
    radius scheme freerad
     server-type extended
     primary authentication x.x.x.x
     primary accounting x.x.x.x
     accounting optional
     key authentication ******
     key accounting ******
     user-name-format without-domain
    #
     
    Is it possible to have a radius server set a primary, and if the server is not accessible, set the secondary to local login authentication?  
     
    This is my first post here, sorry if there is not enough information, or if this post is in the wrong place. 
     
    Thanks in advance!


  • 2.  RE: 3Com 5500 EI Radius Failover to local

    Posted Aug 30, 2014 05:41 AM

     

    Hi,

    Yes it is possible.

    you need to set it up under domain like:

     

    domain test

     

    authentication login radius-scheme freerad local

     

     

    with the above config you are telling the system if it cannot reach radius with primary and secondary servers then fallback to local authentication.

     

    you also need to have created a local user and give access like

     

    local-user test

    password simple test

    service telnet

    service ssh

    authorization-attribute level 3

     

    regards

     



  • 3.  RE: 3Com 5500 EI Radius Failover to local

    Posted Sep 02, 2014 11:18 AM
    Awesome! That worked great.

    I noticed that if radius is reachable, then local logins are completely unavailable. Is there a way for local to be checked after a failure to authenticate by radius?

    Thanks for the help!


Related Content