vlan in ldap - full version

alois blasbichler alois.blasbichler at sb-brixen.it
Wed Dec 17 11:03:37 CET 2008


Hello list

I was send the last mail wrongly - here the correct version :

I am trying to assign different vlans for my different Radius-users.
The good  news is that with a user defined in the users file it works fine.

The users file :
tester    cleartext-Password := "alois"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 155

The message:

++[eap] returns ok
Login OK: [tester] (from client ciscosw port 29 cli 00-1F-E1-23-71-85)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 255 to 10.53.240.10 port 32769
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "155"
         User-Name = "tester"
         MS-MPPE-Recv-Key =  
0x283b539628ec3ece70444bce496d078fc67323356a6cd12f435f878743447f7a
         MS-MPPE-Send-Key =  
0xa978c29338aa1547d14524b0f43bfcde45841e3bce0f9c30a0b6c3d57187d810
         EAP-Message = 0x03130004
         Message-Authenticator = 0x00000000000000000000000000000000
Finished request 12.

But with my users in Ldap - it does not work - seems that radius dont  
replay  the vlan-attributes

Some hints?
luis


my user in ldap :
dn: uid=test,ou=users,dc=sb-brixen,dc=it
objectClass: radiusprofile
radiusTunnelMediumType: IEEE-802
radiusTunnelType: VLAN
radiusTunnelPrivateGroupId: 154

The message i get:


[ldap] looking for check items in directory...
rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "154"
rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
...

Login OK: [test] (from client ciscosw port 29 cli 00-1F-E1-23-71-85)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 97 to 10.53.240.10 port 32769
         User-Name = "test"
         MS-MPPE-Recv-Key =  
0x460785611f313ad630d4947a9f319303a05238d5b340b0a32d38a58b81a416aa
         MS-MPPE-Send-Key =  
0xceeebab47129af3baa96c6fa859b26434b3894a32fddeeffc4f86bb9dfc080b1
         EAP-Message = 0x031a0004
         Message-Authenticator = 0x00000000000000000000000000000000
Finished request 53.





More information about the Freeradius-Users mailing list