I’m trying to get to authenticate users logging in to the MT (telnet / ftp / web / etc) via Radius. I’ve managed to get most working, but I don’t think my radius replies are correct. The MT Web site isn’t very accurate about what is expected back from the Radius server…
My initial reply after a successfull authentication is:
Sending Access-Accept of id 26342 to x.x.x.x:1028
Acct-Interim-Interval = 300
Group = “full”
Idle-Timeout = 300
Service-Type = Login-User
However, the MT still replies with a invalid username / password (and yes, the Radius server does authenticate the user correctly). What exactly is required in the reply for the login service on MT?
There’s nothing wrong with the timeout values, or the radius server. MT doesn’t like the Group Attribute.
If I take the group Attribute out, or send a group name - which DOES NOT exist, the MT accepts the login - but with the “default” group configured in the MT.
The moment I specify a group name in Radius that does exist on the MT - the MT denies the login, regardless of what the Radius server says.
what version are you using?I mean RouterOS..In the older versions there was a bug related to Group attribute. Please, make an upgrade to the newest version!