Nothing has changed in the radius code for a very long time, beyond updating the date. The last actual code change was at the end of 2016.
radius_auth_user_level() sets the level; if there are no auth_radius_groups set, it gives everyone level 10.
Beyond that, the code seemingly only has the ability to set the value to 0.
Can you see those config entries being set in the web ui? /settings/format=config/
Adam.
From: observium <observium-bounces@observium.org> On Behalf Of Peter Derissen via observium
Sent: 14 October 2020 10:31
To: Observium <observium@observium.org>
Cc: Peter Derissen <peter.derissen@eurofiber.com>
Subject: [Observium] Observium with Radius
Hello all,
I have set up Observium with radius auth.
Today I noticed that everyone is getting full admin rights in Observium.
I changed my own radius settings and tested.
Observium is running on 10.230.11.81 and radius on 10.230.11.111
This is the radius response:
(587) Sent Access-Accept Id 94 from 10.230.11.111:1812 to 10.230.11.81:43443 length 0
(587) Juniper-Local-User-Name = "remote"
(587) Filter-Id = "pfy" <--
(587) GENIE-USER-PRIVILEGE = PRIV-ADMINISTRATOR
(587) Infinera-User-Category = "administrator"
(587) Service-Type = Administrative-User
(587) NS-Admin-Privilege = All-VSYS-Root-Admin
(587) Class = 0x6e65
Config.php:
$config['auth_radius_groups']['admin']['level'] = 10; // Full administrative access
$config['auth_radius_groups']['cto']['level'] = 7; // Global read access with secured info (ie rancid configs)
$config['auth_radius_groups']['pfy']['level'] = 5; // Global read access
Any idea what I’m doing wrong?
Kind regards,
Peter Derissen Eurofiber Nederland
Network Engineer Safariweg 25-31
+31 (0)6 11587110 3605 MA Maarssen
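The fallback described in the reply (no auth_radius_groups set, so everyone gets level 10), shown next to a fail-closed variant. This is an added illustration and not Observium's code: the function names are hypothetical, and it assumes the group name is taken from the Filter-Id attribute, as in the Access-Accept above.

```php
<?php
// Added illustration; not Observium's code. Function names are hypothetical.
// Assumption: the group name arrives in the Filter-Id attribute.

// Behaviour as described in the reply: no groups configured => level 10 for all.
function resolve_level_fail_open(array $config, array $filter_ids): int
{
    $groups = $config['auth_radius_groups'] ?? [];
    if (count($groups) === 0) {
        return 10; // fail-open: a mapping that never loaded makes everyone admin
    }
    return highest_mapped_level($groups, $filter_ids);
}

// Hardened variant: a missing mapping or an unmapped group yields level 0.
function resolve_level_fail_closed(array $config, array $filter_ids): int
{
    $groups = $config['auth_radius_groups'] ?? [];
    return highest_mapped_level($groups, $filter_ids);
}

// Highest level among the groups the user presents; 0 when none is mapped.
function highest_mapped_level(array $groups, array $filter_ids): int
{
    $level = 0;
    foreach ($filter_ids as $id) {
        if (isset($groups[$id]['level'])) {
            $level = max($level, (int) $groups[$id]['level']);
        }
    }
    return $level;
}

// Constructed inputs: the mapping from the config.php lines above, and a
// running config in which those entries are absent.
$loaded = ['auth_radius_groups' => [
    'admin' => ['level' => 10],
    'cto'   => ['level' => 7],
    'pfy'   => ['level' => 5],
]];
$not_loaded = [];

foreach (['loaded' => $loaded, 'not loaded' => $not_loaded] as $name => $cfg) {
    printf("%-10s fail-open=%d fail-closed=%d\n", $name,
        resolve_level_fail_open($cfg, ['pfy']),
        resolve_level_fail_closed($cfg, ['pfy']));
}
```

With the mapping present both variants give the "pfy" user level 5; the two only diverge when the running configuration lacks the entries, which is what the web UI check in the reply would reveal.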