I have gotten radius in VYOS to work with freeradius. I found this is due to the fact that VYOS requires the same local username on VYOS that you put on the radius server.
This doesn’t scale. If I have 3 engineer that need access and 10 VYOS routers, we have to add each of the engineers to the 10 boxes and then the RADIUS server.
This kind of defeats the point of centralized management.
Is there a workaround to this issue or is someone working to change the way the PAM module works in VYOS ? Tacacs in Vyatta only requires that you add your account on the TACACS server not each vyatta. Of course, the VYOS radius issue is a carryover from Vyatta where the same RADIUS issue is present.
Thanks.