VLAN attribution in an eduroam setting - proxied users

Stefan Winter stefan.winter at restena.lu
Tue Dec 20 13:22:48 CET 2011


Hello Rui,

> As for the VLAN attribution whether the user is a roaming user (i.e. goes to a proxy to be authenticated), I have done several tries, without success. Haven't managed to do it through the users file above; my last attempt was trying to set them up in the /etc/freeradius/attrs file with attr_filter.post-proxy, however it seems to interfere with the EAP/password negotiation. The setup is as follows, and I would like to ask for an alternative of where to insert the roaming VLAN.
> 
> post-proxy {
>         post_proxy_log
>         attr_filter.post-proxy     # here <---------------------------
>         Post-Proxy-Type Fail {
>                 detail
>         }
> }

The attr_filter module only controls what to strip out of the incoming
reply, it can not be used to add new attributes. What you specified in
the file:

>         Tunnel-Type := "VLAN",
>         Tunnel-Medium-Type := "IEEE-802",
>         Tunnel-Private-Group-Id := "216",

means: "Only leave these attributes in the reply packet if they have
exactly these values, otherwise strip them out". That is obviously not
what you want.

The solution is rather simple with unlang:

post-proxy {
        post_proxy_log
        update reply {
                Tunnel-Type := "VLAN"
                Tunnel-Medium-Type := "IEEE-802"
                Tunnel-Private-Group-Id := "216"
        }
        Post-Proxy-Type Fail {
            detail
        }
}

(syntax is "free-handed", you should try this on a testing server first)

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
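
A check for the test-server run suggested in the reply above, as an added example that is not part of the original post: it parses the attribute bytes of a captured Access-Accept and reports whether they carry exactly one VLAN assignment (Tunnel-Type 64 = VLAN/13, Tunnel-Medium-Type 65 = IEEE-802/6, Tunnel-Private-Group-Id 81). The function names and the sample byte strings are constructed for illustration.

```python
# Added example: constructed data, not taken from the original post.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
EXPECTED = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}  # VLAN, IEEE-802 (RFC 3580)

def parse_attributes(data):
    """Split a RADIUS attribute section (the bytes after the 20-byte header)
    into (type, value) pairs, rejecting malformed lengths."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length at offset %d" % i)
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs

def check_vlan(data, wanted_vlan):
    """Return a list of problems; an empty list means exactly one clean
    VLAN assignment for wanted_vlan is present."""
    seen = {TUNNEL_TYPE: [], TUNNEL_MEDIUM_TYPE: [], TUNNEL_PRIVATE_GROUP_ID: []}
    for atype, value in parse_attributes(data):
        if atype in EXPECTED:
            if len(value) != 4:
                raise ValueError("tagged integer attribute must be 4 bytes")
            seen[atype].append(int.from_bytes(value[1:], "big"))  # skip tag byte
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            if value and value[0] <= 0x1F:  # leading control byte is a tag (RFC 2868)
                value = value[1:]
            seen[atype].append(value.decode("ascii", "replace"))
    problems = []
    for atype, values in seen.items():
        want = EXPECTED.get(atype, wanted_vlan)
        if len(values) != 1:
            problems.append("attribute %d present %d times" % (atype, len(values)))
        elif values[0] != want:
            problems.append("attribute %d is %r, expected %r" % (atype, values[0], want))
    return problems

def attr(atype, value):
    """Encode one attribute (helper for the constructed samples below)."""
    return bytes([atype, len(value) + 2]) + value

# Constructed samples: the reply the post aims for, and one with a second group id.
GOOD = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"216")
CONFLICT = GOOD + attr(81, b"999")

if __name__ == "__main__":
    print(check_vlan(GOOD, "216"), check_vlan(CONFLICT, "216"))
```

A reply that carries a second Tunnel-Private-Group-Id fails the check, which is the case to look for when the proxied reply may already contain tunnel attributes of its own.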
