freeradius 1.1.3 to 2.1.10 migration vlan assignment woes

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Nov 21 20:52:40 CET 2011


Hi,
> So I'm moving from an old 1.1.3 (running on rhel5) to 2.1.10 (rhel6). We use EAP-TTLS > PAP which authenticates against openldap and
> dynamically assigns vlans based on ldap group properties. I seem to have gotten the authentication working, but the vlan assignment
> doesn't appear to be happening. All of our users end up in the default vlan (60). I'm getting a 'No "known good" password' error,
> but the bind still seems to be succeeding. Output of radiusd -X is below.

If you take the standard initial 2.1.10 config and then edit the bits
you need, then you'll see that for this setup, the most important file
for you to deal with is the inner-tunnel virtual server... that's what handles
the EAP. So long as you've edited eap.conf correctly so that the certs
are correct, then things will work.

Your config suggests that your chosen method, EAP-TTLS, isn't the default
type in eap.conf.

You also need to 'copy_request_to_tunnel' for the EAP-TTLS (in eap.conf)
for the return attributes to work.

alan


