Attribute not passing to NAS?

Rob Yamry ryamry at kimberly.k12.wi.us
Thu Dec 2 19:15:56 CET 2010


Hi Mikal-
  Thanks for responding.  I have it set up just like that...the policy on
the controller is named Faculty.  I even took LDAP out of it to make sure
that the attribute was passing correctly.  I have a user defined in the
/etc/raddb/users

ktest   Cleartext-Password := "password"
        Filter-Id = "Faculty"

When I authenticate with this user I get:

Client session MAC [00:24:D6:A6:CE:CE] on AP [JRG-1FL-AP09] with SSID [TEST]
from VNS [TEST] with username [ktest] has been successfully authenticated.
Policy [Students] is applied.

I get the same msg for an ldap user that has the Filter-Id set to Faculty as
well.

For comparison, on the controller my vns settings include:
VNS Name: TEST
WLAN Service: TESTWLAN
Non-Auth policy: NonAuth
Auth Policy: Students               (support told me this doesnt matter what
its set to...the Filter-Id will override this)
Restrict policy set unchecked
Enable checked

I have another policy named Faculty that is assigned the AuthFaculty
topology (which sets the tagged vlan).

How does this compare to your setup?  Do I need the restrict policy set
option checked and config'd?

-Rob

On Thu, Dec 2, 2010 at 11:38 AM, mikal <mpm at atceast.com> wrote:

>
> Rob,
>
> You need to ensure that the value of Filter-Id maps exactly to the value of
> the policy that you're trying to apply.  So you need to have a policy
> defined on the controller named "Faculty", not "faculty" or "facultY", but
> "Faculty".
>
> For instance, if I have a policy named "NewmanN" and I pass a
> Filter-Id="NewmanN" then I get:
>
> Client session MAC [00:22:6B:9A:2B:77] on AP [IRV-AP3620] with SSID [SMFC]
> from VNS [SMFC] with username [test.user11] with mu session timer [52549]
> has been successfully authenticated. Policy [NewmanN] is applied.
>
> The desired policy is applied.
>
> If I pass a Filter-Id="Newmann" then I get:
>
> Client session MAC [00:22:6B:9A:2B:77] on AP [IRV-AP3620] with SSID [SMFC]
> from VNS [SMFC] with username [test.user11] with mu session timer [52201]
> has been successfully authenticated. Policy [SMFC Auth] is applied.
>
> The default policy for that VNS is applied because there was no policy
> matching "Newmann".
>
>
> --
> View this message in context:
> http://freeradius.1045715.n5.nabble.com/Attribute-not-passing-to-NAS-tp3289418p3289720.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101202/9e65e7b1/attachment.html>


More information about the Freeradius-Users mailing list