Values not being returned as expected

Steven Carr steven.carr at sunderland.ac.uk
Wed Jan 20 17:54:19 CET 2010


Hi list,

We are running FreeRADIUS 2.16 (sparc-sun-solaris2.10) and we are are
seing some unexpected results, the following is snippets of
configuration followed by debug output...

# entry in huntgroups
> dot1x-allowed	NAS-IP-Address == 192.168.0.1

# only entries in users file...
> DEFAULT	Service-Type == Framed-User, Huntgroup-Name == "dot1x-allowed"
>         Service-Type = Framed-User,
>         Tunnel-Type = "VLAN",
>         Tunnel-Medium-Type = "IEEE-802",
>         Fall-Through = Yes
> 
> DEFAULT Ldap-Group == "somegroup"
>         Reply-Message = "Welcome, you are in the somegroup group"

# radiusd -X debug...
> Login OK: [username] (from client 192.168.0.1 port 50122 cli 00-24-21-9A-C6-68)
> +- entering group post-auth {...}
> ++[exec] returns noop
> ++? if ((Huntgroup-Name == "dot1x-allowed") && (Service-Type == Framed-User))
> ?? Evaluating (Huntgroup-Name == "dot1x-allowed") -> TRUE
> ?? Evaluating (Service-Type == Framed-User) -> TRUE
> ++? if ((Huntgroup-Name == "dot1x-allowed") && (Service-Type == Framed-User)) -> TRUE
> ++- entering if ((Huntgroup-Name == "dot1x-allowed") && (Service-Type == Framed-User)) {...}
> +++? if ((!reply:Tmp-String-0) || (reply:Tmp-String-0 == ""))
> ?? Evaluating !(reply:Tmp-String-0) -> FALSE
> ?? Evaluating (reply:Tmp-String-0 == "") -> FALSE
> +++? if ((!reply:Tmp-String-0) || (reply:Tmp-String-0 == "")) -> FALSE
> +++- entering else else {...}
>         expand: %{reply:Tmp-String-0} -> admin
> ++++[reply] returns noop
> +++- else else returns noop
> ++- if ((Huntgroup-Name == "dot1x-allowed") && (Service-Type == Framed-User)) returns noop
> Sending Access-Accept of id 207 to 192.168.0.1 port 1645
> 		Reply-Message = "Welcome, you are in the group"
>         User-Name = "username"
>         MS-MPPE-Recv-Key = 0xb46d59aaee8c0eb2a1920ae89f45a117335310a4de90c3ae2c9865293033491f
>         MS-MPPE-Send-Key = 0xeb4263c8dc5e281bac5fbc263761a78cf69254c11c3e9f139b98f3a04c38d7ec
>         EAP-Message = 0x03490004
>         Message-Authenticator = 0x00000000000000000000000000000000
>         Tunnel-Private-Group-Id:0 = "admin"
> Finished request 9.
> Going to the next request

The question is... why am I not getting the Service-Type, Tunnel-Type
and Tunnel-Medium-Type values being sent back in the access accept packet?

If you need any further debug/info let me know.

Thanks

Steve

-- 
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100120/5378afba/attachment.pgp>


More information about the Freeradius-Users mailing list