Freeradius and Unifi Vlan

Brian Candler b.candler at pobox.com
Thu Nov 10 13:47:23 CET 2016


On 10/11/2016 12:02, Gabriel Ozaki wrote:
> But the unifi is still using vlan 1; is it possible the unifi is not
> receiving the Tunnel information?

Look carefully at the end of your debug output:

(9) Login OK: [kemi/<via Auth-Type = eap>] (from client private-network-1 port 0 cli F8-2F-A8-F5-12-97)
(9) Sent Access-Accept Id 40 from 192.168.3.1:1812 to 192.168.3.190:49091 length 0
(9)   MS-MPPE-Recv-Key = 0x9cef482e0e294db32ca069d27b9a4b1605896ae638b2d845ffd593d7fc00777e
(9)   MS-MPPE-Send-Key = 0xd010d975e1b595af9f1c04a1ad0e07d22213f62823948c425fc21bfb18c16b5e
(9)   EAP-Message = 0x033a0004
(9)   Message-Authenticator = 0x00000000000000000000000000000000
(9)   User-Name = "kemi"
(9) Finished request

The final reply doesn't include those attributes; the inner tunnel auth 
has them, but they don't appear in the outer session. You need to set:

use_tunneled_reply = yes

Similarly, if in your inner tunnel logic you want to make use of 
attributes in the request (such as Called-Station-ID to see which SSID 
the client is connecting to), you need:

copy_request_to_tunnel = yes

These settings are in mods-available/eap

Regards,

Brian.
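
Added example, not part of the message above and not FreeRADIUS project code: a small Python check that reads radiusd -X debug output and lists which VLAN attributes are missing from the final Access-Accept. It assumes the VLAN is assigned with the RFC 3580 attributes Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id; the function names, the sample Tunnel-* lines and VLAN id 20 are constructed for illustration.

```python
import re

# Assumption: VLAN assignment uses the RFC 3580 attribute trio.
VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")

SENT = re.compile(r"^\((\d+)\)\s+Sent (Access-\w+) Id \d+ ")
# "(9)   Name = value"; an optional ":tag" suffix on the name is ignored.
ATTR = re.compile(r"^\((\d+)\)\s+([A-Za-z0-9-]+)(?::\d+)? :?= (.*)$")

def sent_packets(debug_text):
    """Return [(request_no, packet_type, {attr: value})] for each 'Sent' packet."""
    packets, current = [], None
    for line in debug_text.splitlines():
        line = line.strip()
        m = SENT.match(line)
        if m:
            current = (int(m.group(1)), m.group(2), {})
            packets.append(current)
            continue
        m = ATTR.match(line)
        if current and m and int(m.group(1)) == current[0]:
            current[2][m.group(2)] = m.group(3)
        else:
            current = None  # attribute list of this packet has ended
    return packets

def missing_vlan_attrs(debug_text):
    """VLAN attributes absent from the last Access-Accept (None if there is none)."""
    accepts = [p for p in sent_packets(debug_text) if p[1] == "Access-Accept"]
    if not accepts:
        return None
    return [a for a in VLAN_ATTRS if a not in accepts[-1][2]]

# Constructed samples: header lines follow the debug output above; Tunnel-* lines are made up.
BEFORE = """\
(9) Sent Access-Accept Id 40 from 192.168.3.1:1812 to 192.168.3.190:49091 length 0
(9)   EAP-Message = 0x033a0004
(9)   User-Name = "kemi"
(9) Finished request
"""
AFTER = BEFORE.replace("(9) Finished request", """\
(9)   Tunnel-Type = VLAN
(9)   Tunnel-Medium-Type = IEEE-802
(9)   Tunnel-Private-Group-Id = "20"
(9) Finished request""")

if __name__ == "__main__":
    print("before:", missing_vlan_attrs(BEFORE))
    print("after: ", missing_vlan_attrs(AFTER))
```

An empty list means the outer Access-Accept carries all three attributes; a non-empty list names the ones the access point never received.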


