There are two other things you need to check aswell. Make sure that the local account username matches the same as per user database which radius will use to check. This setup requires no VSA to be send as it is configured on the local account, so it is only Authentication, If you using attributes make sure the string you sending is local-user-name refects that of a local account with set previlidges and that your useracount on ACS is linked to the correct ACS identity group.
↧