Freeradius and Unifi Vlan

Gabriel Ozaki gabriel.ozaki at kemi.com.br
Thu Nov 10 13:11:14 CET 2016


Hi guys,
I received a message from the unifi forum and it is necessary to change the eap
configuration:

copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes


Sorry for opening a thread, the search in the unifi forums doesn't work
really well.

Thanks





2016-11-10 10:02 GMT-02:00 Gabriel Ozaki <gabriel.ozaki at kemi.com.br>:

> Hi
> I'm trying to use freeradius to assign the VLAN of a connection using the
> unifi AP, like in this page:
> https://help.ubnt.com/hc/en-us/articles/219654087-UniFi-Using-VLANs-with-UniFi-Wireless-Routing-Switching-Hardware#UAP
>
> My server is a Debian jessie fresh install with Freeradius 3.0.12 (compiled
> from source, using defaults) and unifi controller 5.3.5 (beta version, but I
> see some guys using radius+vlan using a cisco solution).
> My AP is a UniFi AP-AC-Lite firmware 3.7.24.5422
>
>
> My users file (the default file, and I added this at the end):
> kemi    Cleartext-Password := "1q2w3e4r"
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = 6,
>         Tunnel-Private-Group-Id = 3
>
>
> My clients.conf
> client private-network-1 {
>     ipaddr        = 192.168.3.0/24
>     secret        = testing123
> }
>
> In radiusd.conf I only changed line 510:
>  allow_vulnerable_openssl = 'CVE-2016-6304'
>
>
> The radiusd -X output when I use radtest (I attach the full log):
> (0) Login OK: [kemi/1q2w3e4r] (from client private-network-1 port 0)
> (0) Sent Access-Accept Id 130 from 192.168.3.1:1812 to 192.168.3.1:56590 length 0
> (0)   Tunnel-Type = VLAN
> (0)   Tunnel-Medium-Type = IEEE-802
> (0)   Tunnel-Private-Group-Id = "3"
> (0) Finished request
>
>
> The radiusd -X output when I use the AP:
> (9)     post-auth { ... } # empty sub-section is ignored
> (9)   Login OK: [kemi/<via Auth-Type = eap>] (from client private-network-1 port 0 via TLS tunnel)
> (9) } # server inner-tunnel
> (9) Virtual server sending reply
> (9)   Tunnel-Type = VLAN
> (9)   Tunnel-Medium-Type = IEEE-802
> (9)   Tunnel-Private-Group-Id = "3"
> (9)   MS-MPPE-Encryption-Policy = Encryption-Required
> (9)   MS-MPPE-Encryption-Types = 4
> (9)   MS-MPPE-Send-Key = 0x5cbfff77aff0148b908c8cec2efaae2c
> (9)   MS-MPPE-Recv-Key = 0xd4ad8206c448c3530a1e547ee91f173c
> (9)   EAP-Message = 0x03030004
> (9)   Message-Authenticator = 0x00000000000000000000000000000000
> (9)   User-Name = "kemi"
> (9) eap_ttls: Got tunneled Access-Accept
> (9) eap_ttls: No information to cache: session caching will be disabled for session 4487edec31086c9129e937fada901fbda23ba4600dd0d7e67f0c5e1a843ba264
> (9) eap: Sending EAP Success (code 3) ID 58 length 4
>
>
>
> But unifi is still using vlan 1. Is it possible the unifi is not receiving the
> Tunnel information?
>
> Thanks
>
>
>
>
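
One way to check the question raised in the quoted message (does the AP actually receive the Tunnel attributes?) is to compare the inner-tunnel reply with the outer Access-Accept in `radiusd -X` output. This is an added example, not part of the original post; the sample log, its addresses and the function name `vlan_attrs_lost` are constructed for illustration.

```python
import re

# Constructed sample of `radiusd -X` output (not the poster's full log): the inner-tunnel
# reply carries the VLAN attributes, the outer Access-Accept sent to the AP does not.
SAMPLE_DEBUG = """\
(9) Virtual server sending reply
(9)   Tunnel-Type = VLAN
(9)   Tunnel-Medium-Type = IEEE-802
(9)   Tunnel-Private-Group-Id = "3"
(9)   User-Name = "kemi"
(9) eap_ttls: Got tunneled Access-Accept
(9) eap: Sending EAP Success (code 3) ID 58 length 4
(9) Sent Access-Accept Id 58 from 192.0.2.1:1812 to 192.0.2.20:41000 length 0
(9)   User-Name = "kemi"
(9)   EAP-Message = 0x03030004
(9) Finished request
"""

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
LINE = re.compile(r"^\((\d+)\)(\s+)(.*)$")               # "(9)   Attr = value"
ATTR = re.compile(r"^([A-Za-z0-9-]+)(?::\d+)? = (.*)$")  # optional ":tag" suffix


def vlan_attrs_lost(debug_text):
    """Map request id -> VLAN attributes present in the inner-tunnel reply
    but absent from the outer Access-Accept (empty list: nothing was lost)."""
    inner, outer, current = {}, {}, {}
    for raw in debug_text.splitlines():
        m = LINE.match(raw.lstrip("> ").rstrip())  # tolerate mail-quoted logs
        if not m:
            continue
        req, indent, body = m.groups()
        if body.startswith("Virtual server sending reply"):
            current[req] = inner.setdefault(req, {})
        elif body.startswith("Sent Access-Accept"):
            current[req] = outer.setdefault(req, {})
        elif len(indent) > 1 and req in current and (a := ATTR.match(body)):
            current[req][a.group(1)] = a.group(2)
        else:
            current.pop(req, None)  # any other line ends the attribute list
    return {req: [n for n in VLAN_ATTRS if n in inner[req] and n not in outer[req]]
            for req in inner if req in outer}


if __name__ == "__main__":
    for req, lost in vlan_attrs_lost(SAMPLE_DEBUG).items():
        print(f"request {req}: missing from Access-Accept: {lost or 'nothing'}")
```

An empty list for the final request means the VLAN attributes reached the outer Access-Accept, which is what the `use_tunneled_reply = yes` setting mentioned in the post is for.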

