VLAN Post Auth

Alan DeKok aland at deployingradius.com
Wed Apr 19 18:36:44 CEST 2017


On Apr 19, 2017, at 12:07 PM, Richard Laing <richard.laing at armourcomms.com> wrote:
> 
> Hi Alan, thank you for taking a look at the output for me on the last
> message.
> 
> 1. Never said it doesn't work, said no VLAN on application of more than
> one group.

  What do you mean by "application of more than one group"?

  I explained how the "users" file works.  I pointed you to documentation.  If you put more than one DEFAULT in, it will only match the first one.  Unless you follow the documentation.

> 3. You ignored the following output, if I use an incorrect password then
> I will get a fail. I am looking for the user to have its request authorized
> and have the VLAN assigned over to that user correctly.

  So you want users with bad passwords to be put into a different VLAN?

  The debug log you attached showed a *successful* authentication.

> Also if I run radtest the user seems to work just not on the group
> memberships

  See the FAQ for "it doesn't work"

  Again, you're asking questions which are poorly phrased, and don't contain enough information for me to help you.

> radtest richardl 'Testing 101' ipa01.acskype.com 1812 testing101
> Sending Access-Request Id 198 from 0.0.0.0:41248 to 192.168.10.2:1812
>    User-Name = 'richardl'
>    User-Password = 'Testing 101'
>    NAS-IP-Address = 192.168.10.2
>    NAS-Port = 1812
>    Message-Authenticator = 0x00
> Received Access-Accept Id 198 from 192.168.10.2:1812 to
> 192.168.10.2:41248 length 20

  We never ask for the output from radclient.  We ALWAYS ask for the output of the server.

  Again... please follow instructions.  When you don't follow instructions, you don't get the problem fixed.

> 4. I will update to the latest version and hopefully have a follow-up
> soon, would be interested in hearing your ideas on the best method of
> securing free-radius & LDAP together

  If only I understood what you were doing, and what *exactly* was going wrong, and what you expected to happen.

  I already asked that, and your response here was still fairly vague.  "I tried stuff, and it didn't work".

  Ask a bad question, get a bad answer.

  Ask a good question, get a good answer.

  It's up to you.

  Alan DeKok.
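
[Added example, not part of the original message and not the poster's configuration.] The first-match behaviour of multiple DEFAULT entries in the "users" file described above, shown beside a layout that uses Fall-Through so that group-based VLAN assignment has a defined precedence. Group names and VLAN IDs are constructed, and LDAP-Group assumes the FreeRADIUS 3 ldap module is enabled.

```text
# Constructed example for the FreeRADIUS "users" file.
# Assumptions: groups "staff" and "admins", VLAN IDs 10/20/999,
# LDAP-Group provided by the ldap module (FreeRADIUS 3 name).

# (a) First match only.
# A user who is in BOTH groups matches the first DEFAULT, gets
# VLAN 10, and processing stops. The second entry is never used.
DEFAULT LDAP-Group == "staff"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "10"

DEFAULT LDAP-Group == "admins"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "20"

# (b) Same policy with Fall-Through (use instead of (a), not with it).
# The first entry matches everyone, adds the common tunnel
# attributes, and Fall-Through = Yes lets matching continue.
# The group entries are ordered by precedence and do NOT fall
# through, so the first group that matches decides the VLAN.
DEFAULT
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Fall-Through = Yes

DEFAULT LDAP-Group == "admins"
        Tunnel-Private-Group-Id = "20"

DEFAULT LDAP-Group == "staff"
        Tunnel-Private-Group-Id = "10"

# Authenticated users in neither group land in a restricted
# VLAN instead of getting tunnel attributes with no VLAN ID.
DEFAULT
        Tunnel-Private-Group-Id = "999"
```

To confirm which entry matched, read the server's debug output (radiusd -X) for the request rather than the client-side radtest output.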




More information about the Freeradius-Users mailing list