Help: How to set VLAN by Tunnel-Private-Group-Id for user or group?

tnt at kalik.co.yu tnt at kalik.co.yu
Thu Aug 2 13:18:04 CEST 2007 

Since you are using AD to store user profile this is an AD, not
freeradius question. Create a (vlan) group; add users/groups to the
group; create Remote Access Policy; apply policy to this group; edit the
policy to include those Tunnel attributes in dial-in profile; do the
same for every VLAN.

Ivan Kalik
Kalik Informatika ISP


Dana 2/8/2007, "Hangjun He" <elmerhe at yahoo.com.cn> piše:

>Hi,
>         We use peap + AP + fr + AD to authenticate user. Now It can work. But I
>  need to get VLAN from freeradius for different user or group.
>        How should I do?? Please give me some advice, Thanks.
>
>        I saw below debug info from maillist, from these info I guess freeradius can set VLAN for user or group.
>
>
>  Ready to process requests.
>rad_recv: Access-Request packet from host 192.168.1.1:1645, id=38, length=149
> User-Name = "DOMAIN\\testuser"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Called-Station-Id = "00-19-AA-2C-8F-03"
> Calling-Station-Id = "00-08-74-46-2A-A5"
> EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531
> Message-Authenticator = 0x9bc11b6f6182f53f6428ad12c48d8f10
> NAS-Port = 50001
> NAS-Port-Type = Ethernet
> NAS-IP-Address = 192.168.1.1
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  rlm_eap: EAP packet type response id 2 length 22
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry DEFAULT at line 1
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for request 0
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module "eap" returns handled for request 0
>modcall: leaving group authenticate (returns handled) for request 0
>Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "vlanX"
> EAP-Message = 0x010300061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x67c75e29c6b4d8d32c662ce2d154d277
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>
>
>
>
>
>---------------------------------
> ŃĹť˘ĂâˇŃÓĘĎä3.5GČÝÁżŁŹ20M¸˝źţŁĄ
>

More information about the Freeradius-Users mailing list