How to force tunnel-xx information in access-accept packet ?

Michel_Monchatre at dell.com Michel_Monchatre at dell.com
Mon Dec 14 20:16:49 CET 2015


Hi

Here I am again, sorry for the delay...

I have now installed FreeRADIUS 3.0.3 on CentOS 7.0 and got the same problem: the Access-Accept packet no longer includes the Tunnel-Private-Group-ID information...

Does anyone have an idea how to force FreeRADIUS to include the VLAN information in the Access-Accept packet?

Many thanks in advance for your answers

/Michel




-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+michel_monchatre=dell.com at lists.freeradius.org] On Behalf Of Monchatre, Michel
Sent: lundi 23 novembre 2015 07:38
To: freeradius-users at lists.freeradius.org
Subject: RE: How to force tunnel-xx information in access-accept packet ?

Hi Matthew

Thanks for your answer, 

I'll then install an up-to-date Linux OS with an up-to-date FreeRADIUS version and let you know about the results asap.

Best regards

Michel


-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+michel_monchatre=dell.com at lists.freeradius.org] On Behalf Of Matthew Newton
Sent: jeudi 19 novembre 2015 13:45
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: How to force tunnel-xx information in access-accept packet ?

On Thu, Nov 19, 2015 at 08:59:09AM +0000, Michel_Monchatre at dell.com wrote:
> I'm using version freeradius2-2.1.12-5.el5 (on CentOS 511) with a
> Dell Networking Switch model N3024, and I want to assign the users to
> specific VLANs based on EAP authentication.

That version is very old. You should really upgrade to at least the latest 2.2 version (but v2 is end of life now).

> If the user's PC is authenticated with its MAC address (MAB option on
> the switch), there are very few RADIUS packet exchanges and the final
> Access-Accept packet correctly contains the Tunnel-Private-Group-ID,
> Tunnel-Type and Tunnel-Medium-Type information.

OK.

> But when I want to authenticate the users (using login and password),
> there are a lot of Access-Challenge packets and the final
> Access-Accept packet no longer contains the
> Tunnel-Private-Group-ID, etc. information.
> 
> Is there a way to force FreeRADIUS to include the missing
> information again in the Access-Accept packet?

Many ways. It depends on where you want to get the information from, for example. Where does the existing data for MAC auth come from? The users file? A database?

> Which file(s) need to be modified and how?

Depends on the above. Could be the users file for the simplest option.

You should send debug output (radiusd -X) for a working example and one that doesn't work at least so we have some idea on what you're doing.

Matthew


--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dell S.A, Siège Social 1 rond point Benjamin Franklin 34000 Montpellier.
Capital 1,782,769 Euros, 351 528 229 RCS Montpellier –APE 4651Z -TVA Intracommunautaire FR 20 351 528 229. SIRET 351 528 229 00096
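
To compare the working (MAB) and failing (EAP) cases at the wire level, the final Access-Accept can be captured and decoded. The following is an added example, not code from this thread or from the FreeRADIUS project: it parses a RADIUS packet per RFC 2865 and RFC 2868 and reports which of the three tunnel attributes are present. The function names and the two sample packets are constructed for illustration.

```python
import struct

# Attribute numbers defined in RFC 2868.
TUNNEL_ATTRS = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-ID"}


def build_packet(code, ident, attrs):
    """Encode (type, value) pairs as a RADIUS packet; authenticator zeroed (sample data only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body


def parse_attributes(packet):
    """Return (code, [(type, value), ...]) after validating the RADIUS length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = [], 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def vlan_assignment(packet):
    """Decode the VLAN tunnel attributes of an Access-Accept and list the absent ones."""
    code, attrs = parse_attributes(packet)
    if code != 2:  # 2 = Access-Accept (RFC 2865)
        raise ValueError("not an Access-Accept")
    found = {}
    for a_type, value in attrs:
        if a_type in (64, 65) and len(value) == 4:
            found[TUNNEL_ATTRS[a_type]] = int.from_bytes(value[1:], "big")  # byte 0 is the tag
        elif a_type == 81 and value:
            # A first byte of 0x1F or less is a tag, anything larger starts the string.
            text = value[1:] if value[0] <= 0x1F else value
            found[TUNNEL_ATTRS[81]] = text.decode("ascii", "replace")
    missing = [name for name in TUNNEL_ATTRS.values() if name not in found]
    return found, missing


# Constructed packets: VLAN (13) / IEEE-802 (6) / group "20", and an accept without them.
GOOD = build_packet(2, 1, [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"20")])
BARE = build_packet(2, 2, [(18, b"ok")])  # 18 = Reply-Message
print(vlan_assignment(GOOD), vlan_assignment(BARE))
```

Feeding the UDP payload of a captured Access-Accept to `vlan_assignment` gives the same report for real traffic; a non-empty second element means the switch never received the VLAN assignment.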
