Attributes not being copied to inner tunnel

Franks Andy (IT Technical Architecture Manager) Andy.Franks at sath.nhs.uk
Thu Nov 12 11:29:50 CET 2015


Hi all,
  This is probably obvious but I can't understand it!

FR 3.1 from git, although not updated for a little while.

When the inner tunnel is called in PEAP/mschapv2, some of the attrs from our request aren't making their way through.
Extreme wireless (Siemens): the Siemens-AP-Name and Siemens-AP-Serial attributes seem to be missing. Unfortunately we use/record some of these, otherwise it wouldn't be a problem.

My pre-proxy section has the attr_filter.pre-proxy commented out.
PEAP module tunnel copy is enabled (see bottom)

Sorry for the regular "help me!" posts, still learning!
Thanks
Andy

Starting request:
(10) Received Access-Request Id 187 from 192.168.116.10:52330 to 192.168.176.123:1812 length 421
(10)   User-Name = 'SATH\\franksa'
(10)   NAS-IP-Address = 0.0.0.0
(10)   NAS-Port = 106
(10)   Framed-MTU = 1400
(10)   Called-Station-Id = '20:b3:99:ea:a8:5a'
(10)   Acct-Session-Id = '5644626401a5'
(10)   Calling-Station-Id = '00:18:39:0e:77:a2'
(10)   NAS-Port-Type = Wireless-802.11
(10)   NAS-Identifier = 'RSH_WiFi_2_VNS'
(10)   Service-Type = Framed-User
(10)   Siemens-AP-Serial = '14351087085D0000'
(10)   Siemens-AP-Name = 'RSH-AP1125'
(10)   Siemens-VNS-Name = 'RSH_WiFi_2_VNS'
(10)   Siemens-SSID = 'RSH_WiFi_2'
(10)   Siemens-BSS-MAC = '20:b3:99:ea:a8:5a'
(10)   Siemens-Policy-Name = 'No_Access'
(10)   Siemens-Topology-Name = 'VLAN200_AP_T'

Proxy:
(10)   EAP-Message = 0x020900471a020900423151ad822a193537467947d21c25db073300000000000000001f4ec99cdb09ee5c7421b6264c4f5cc10e5c0c2db2c039bf00534154485c4652414e4b5341
(10)   FreeRADIUS-Proxied-To = 127.0.0.1
(10)   User-Name = 'SATH\\franksa'
(10)   State = 0xd86926bed9603cd4e2325db6a06e5230
(10)   NAS-IP-Address = 0.0.0.0
(10)   NAS-Port = 106
(10)   Framed-MTU = 1400
(10)   Called-Station-Id = '20:b3:99:ea:a8:5a'
(10)   Acct-Session-Id = '5644626401a5'
(10)   NAS-Port-Type = Wireless-802.11
(10)   NAS-Identifier = 'RSH_WiFi_2_VNS'
(10)   Service-Type = Framed-User
(10)   Siemens-VNS-Name = 'RSH_WiFi_2_VNS'
(10)   Siemens-SSID = 'RSH_WiFi_2'
(10)   Siemens-BSS-MAC = '20:b3:99:ea:a8:5a'
(10)   Siemens-Policy-Name = 'No_Access'
(10)   Siemens-Topology-Name = 'VLAN200_AP_T'
(10)   Calling-Station-Id := '00-18-39-0e-77-a2'

PEAP section of relevant EAP mod:

peap {
        tls = tls-common
        default_eap_type = tls
        copy_request_to_tunnel = yes
        use_tunnelled_reply = yes
        proxy_tunneled_request_as_eap = no
        virtual_server = "inner-tunnel"
        #       EAP-TLS-Require-Client-Cert = Yes
        #       require_client_cert = yes
}
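
A small helper for this kind of comparison, as an added example that is not part of the original post: it parses the `(N)   Attribute = value` lines of two debug excerpts and reports which attributes were dropped, added or changed between the outer request and the request proxied to the inner tunnel. The function names and the abbreviated sample excerpts are assumptions made for the example.

```python
import re

# One FreeRADIUS debug attribute line, e.g. "(10)   NAS-Port = 106".
ATTR_LINE = re.compile(r"^\(\d+\)\s+([A-Za-z0-9-]+)\s+(:=|\+=|==|=)\s+(.*)$")

# Abbreviated excerpts of the debug output quoted in the post above.
OUTER = r"""
(10) Received Access-Request Id 187 from 192.168.116.10:52330 to 192.168.176.123:1812 length 421
(10)   User-Name = 'SATH\\franksa'
(10)   Calling-Station-Id = '00:18:39:0e:77:a2'
(10)   Siemens-AP-Serial = '14351087085D0000'
(10)   Siemens-AP-Name = 'RSH-AP1125'
(10)   Siemens-SSID = 'RSH_WiFi_2'
"""
INNER = r"""
(10)   FreeRADIUS-Proxied-To = 127.0.0.1
(10)   User-Name = 'SATH\\franksa'
(10)   State = 0xd86926bed9603cd4e2325db6a06e5230
(10)   Siemens-SSID = 'RSH_WiFi_2'
(10)   Calling-Station-Id := '00-18-39-0e-77-a2'
"""

def parse_attrs(debug_text):
    """Return {attribute: value}; non-attribute lines are skipped.
    A repeated attribute keeps its last value."""
    attrs = {}
    for line in debug_text.splitlines():
        m = ATTR_LINE.match(line.strip())
        if m:
            attrs[m.group(1)] = m.group(3).strip()
    return attrs

def compare(outer_text, inner_text):
    """Return (dropped, added, changed) attribute names, each sorted."""
    outer, inner = parse_attrs(outer_text), parse_attrs(inner_text)
    dropped = sorted(set(outer) - set(inner))
    added = sorted(set(inner) - set(outer))
    changed = sorted(a for a in set(outer) & set(inner) if outer[a] != inner[a])
    return dropped, added, changed

if __name__ == "__main__":
    dropped, added, changed = compare(OUTER, INNER)
    print("dropped before inner tunnel:", dropped)
    print("added for inner tunnel:     ", added)
    print("value changed:              ", changed)
```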

