Using attibutes

[Alan DeKok]

Emmanuel BILLOT wrote:
> Our WIFI access is managed by EAP-TTLS/EAP-PEAP with radius
> authentication based on LDAP. So users can connect and use Internet,
> however is possible to limit access (bandwith, connecting time) with
> Freeradius ?

  FreeRADIUS isn't a router.  See your NAS documentation for which
attributes it needs to do access limitation.  Many NASes CANNOT do such
limitation.

> In other words, it seems (maybe i'm wrong) that Freeradius can send
> attribut with values when answering with Access Accept packet. I guess
> that clients have to understand it for being effective right ?

  Yes.

> So when using access point with EAP protocol, i guess native EAP client
> have to be compatibe with an attribut list ?

  No.  The EAP client is the end user PC.  Only the NAS needs to
understand RADIUS attributes.

> This behaviour seems to be implemented in captive portal, and attributes
> can be managed in portal configuration. Is it possible with EAP access
> (native client or secure w2 like ?)

  No.  Captive portals are not compatible with EAP.

  Alan DeKok.