Re: Inserting and/or replacing reply attributes on a proxy request
Jarrod Sayers <jarrod@netleader.com.au> wrote:
> Picture Cisco Aironet 1200's with multiple SSID's, all pointing back
> to a single instance of FreeRADIUS. The access point is relying on
> the RADIUS reply to determine if the user should be moved to another
> SSID and without it, assumes the one they are attempting to connect to
> is correct.
See the Calling-Station-Id attribute. As per the RFC's, it should
contain MAC:SSID. Rather than accepting the user & then trying to
reject them some time later, just look at the SSID they're using. If
it isn't correct, reject them.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.