Reply: Re: Help: How to set VLAN by Tunnel-Private-Group-Id for user or group?

Hangjun He elmerhe at yahoo.com.cn
Fri Aug 3 03:36:57 CEST 2007


Thanks.

I still have a question. Can freeradius get the VLAN from AD and forward it to the client? Is any special configuration needed?

I use samba's ntlm_auth.

Hangjun
  

tnt at kalik.co.yu wrote:
  Since you are using AD to store user profile this is an AD, not
freeradius question. Create a (vlan) group; add users/groups to the
group; create Remote Access Policy; apply policy to this group; edit the
policy to include those Tunnel attributes in dial-in profile; do the
same for every VLAN.

Ivan Kalik
Kalik Informatika ISP


On 2/8/2007, "Hangjun He" wrote:

>Hi,
> We use peap + AP + fr + AD to authenticate users. Now it works, but I
> need to get the VLAN from freeradius for different users or groups.
> What should I do? Please give me some advice. Thanks.
>
> I saw the debug info below on the mailing list; from this info I guess freeradius can set the VLAN for a user or group.
>
>
> Ready to process requests.
>rad_recv: Access-Request packet from host 192.168.1.1:1645, id=38, length=149
> User-Name = "DOMAIN\\testuser"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Called-Station-Id = "00-19-AA-2C-8F-03"
> Calling-Station-Id = "00-08-74-46-2A-A5"
> EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531
> Message-Authenticator = 0x9bc11b6f6182f53f6428ad12c48d8f10
> NAS-Port = 50001
> NAS-Port-Type = Ethernet
> NAS-IP-Address = 192.168.1.1
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> rlm_eap: EAP packet type response id 2 length 22
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 0
> users: Matched entry DEFAULT at line 1
> modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for request 0
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns handled for request 0
>modcall: leaving group authenticate (returns handled) for request 0
>Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "vlanX"
> EAP-Message = 0x010300061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x67c75e29c6b4d8d32c662ce2d154d277
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
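
As an added example (not part of the original thread or of FreeRADIUS itself): a small checker that reads radiusd debug output like the log quoted above and reports, for each reply packet, whether the three tunnel attributes shown there form a complete set under one tag. The function names and the sample log are constructed for illustration, and the note about Access-Challenge assumes a NAS that follows RFC 3580, which describes these attributes in the Access-Accept.

```python
import re

# Constructed sample, in the format of the debug output quoted in this thread.
SAMPLE_DEBUG = """\
Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "vlanX"
>Finished request 0
Sending Access-Accept of id 41 to 192.168.1.1 port 1645
    Tunnel-Type:0 = VLAN
    Tunnel-Private-Group-Id:0 = "vlanX"
Finished request 3
"""

REQUIRED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}
SEND_RE = re.compile(r"^>?\s*Sending (Access-\w+) of id (\d+)")  # tolerates mail quoting
ATTR_RE = re.compile(r"^>?\s*([\w-]+)(?::(\d+))? = (.+)$")

def parse_replies(text):
    """Return [(packet_type, id, {(attr, tag): value})] for every packet sent."""
    replies, current = [], None
    for line in text.splitlines():
        sent, attr = SEND_RE.match(line), ATTR_RE.match(line)
        if sent:
            current = (sent.group(1), int(sent.group(2)), {})
            replies.append(current)
        elif attr and current:
            current[2][(attr.group(1), attr.group(2) or "0")] = attr.group(3).strip('"')
        elif not attr:
            current = None  # any non-attribute line ends the packet's attribute list
    return replies

def vlan_problems(ptype, attrs):
    """List what is wrong with the tunnel attribute sets present in one reply."""
    tags = {tag for (name, tag) in attrs if name.startswith("Tunnel-")}
    problems = []
    if tags and ptype != "Access-Accept":
        problems.append("tunnel attributes sent in %s, not Access-Accept" % ptype)
    for tag in sorted(tags):
        for name, want in REQUIRED.items():
            if attrs.get((name, tag)) != want:
                problems.append("%s:%s is not %s" % (name, tag, want))
        if not attrs.get(("Tunnel-Private-Group-Id", tag)):
            problems.append("Tunnel-Private-Group-Id:%s missing" % tag)
    return problems

def audit(text):
    return {(p, i): vlan_problems(p, a) for p, i, a in parse_replies(text)}
```

Feed `audit()` the output of the server run in debug mode; an empty list for an Access-Accept means the tagged set is complete.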


       