I have setup “/user AAA” to go with radius. I can login to winbox fine with a username/pass from radius, however I can not login to console or SSH with the radius user.
The user is getting authentificated agains the radius server, but Im getting reject messages. Radius is sending the “full” group for the user succesfully, and I can see the radius logged on user in winbox as “full”.
Any idea why I would get rejects for console/SSH but accepts for winbox for the same config for the same user.
Relevant config:
/user group
add name=restricted
/user aaa
set default-group=restricted use-radius=yes
/radius
add address=10.41.2.9 secret="secret" service=login src-address=10.0.0.1
You can see it from this screenshot as well, user “tomas” is a radius user with group “full”
I’m just wondering why your screenshot says “via telnet” on line showing rejected login. Are you sure you are connecting to correct port? It should be “via ssh” if you are trying with SSH and “via local” if you are using console with serial cable.
