Dynamic VLAN and FreeRadius
Alan DeKok
aland at deployingradius.com
Thu May 22 19:37:46 CEST 2008
Joel MBA OYONE wrote:
> We all agree that assocation is made before authentication process, in
> order to RADIUS to be able to do its stuffs. but the fact is that it
> doesn't work,
Then your NAS is broken. Buy a real NAS that supports VLAN assignment.
> and i was wondering what would be the result if i set:
> "Tunnel-Private-Group-ID = 100" (when the SSID were i am connected is
> assiged to VLAN 200, according to how my device work) .
We told you what the result was: We don't know. Go read your NAS
documentation. If it doesn't say, it's because your NAS is broken.
> i learnt freeradius stuffs and with the help of the guys here, i am now
> able to setup it correctly!!! Access point authentication works well,
> but end-users authentication doing some EAP fails but stay without no
> response after the access-challenge!! (saying no correct login/password
> find, or requiring client certificate, depending if i am doing tls or
> peap).
This is in the FAQ, and in the comments in eap.conf.
> please note that it deons'nt tell me that my certificates are incorrect,
Windows doesn't do that. It just stops doing EAP.
Please stop trying to figure it out. Believe what we're saying.
We've seen your situation hundreds of times. It's nothing new.
> - About the limitations of the device, i posted on d-link support a week
> ago and i am still waiting for the answer.
Exactly. Buy a device that is *documented* as doing VLAN assignment.
> Any people interested in help could just read page 200 - 209 of this
> documents and give advices.
Sorry. Buy a real NAS that works. You're wasting your time trying to
make a broken NAS do VLAN assignment.
Alan DeKok.
More information about the Freeradius-Users
mailing list