freeradius vlan assigment with two ldap group

Alan DeKok aland at deployingradius.com
Fri Sep 15 13:22:11 CEST 2017


On Sep 15, 2017, at 3:23 AM, Zenon Matuszyk <zenon.matuszyk at networkers.pl> wrote:
> 
> I have trouble assigning the  vlan to users in different groups. If I have one group and if the user is in this group gets a VLAN 200. If  another user is in another group (add another entry in the users file with the group and vlan), it does not log on or continue to receive the vlan 200 and I want it to get vlan 216. Below debug with login.

  If you read the debug output, you'll see the problem has nothing to do with the users file.

> Fri Sep 15 09:07:01 2017 : Info: freeradius: FreeRADIUS Version 2.2.5, for host x86_64-pc-linux-gnu, built on Aug 10 2017 at 07:25:15
> Fri Sep 15 09:07:01 2017 : Debug: Server was built with:
> Fri Sep 15 09:07:01 2017 : Debug:   accounting

  PLEASE follow instructions and run with "freeradius -X".  Not "-Xx".
> 
> Fri Sep 15 09:07:16 2017 : Info: [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> Fri Sep 15 09:07:16 2017 : Info: [mschapv2] +group MS-CHAP {
> Fri Sep 15 09:07:16 2017 : Info: [mschap] Creating challenge hash with username: psitarz at mydomain.com
> Fri Sep 15 09:07:16 2017 : Info: [mschap] Client is using MS-CHAPv2 for psitarz at mydomain.com, we need NT-Password
> Fri Sep 15 09:07:16 2017 : Info: [mschap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
> Fri Sep 15 09:07:16 2017 : Info: [mschap]     expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=psitarz
> Fri Sep 15 09:07:16 2017 : Info: [mschap] Creating challenge hash with username: psitarz at mydomain.com
> Fri Sep 15 09:07:16 2017 : Info: [mschap]     expand: --challenge=%{mschap:Challenge:-00} -> --challenge=30cedb6750524fca
> Fri Sep 15 09:07:16 2017 : Info: [mschap]     expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=dbdff2050731af4d5e7f6bbcc15f6ba740b157f5df29b787
> Fri Sep 15 09:07:16 2017 : Debug: Exec output: Logon failure (0xc000006d)
> Fri Sep 15 09:07:16 2017 : Debug: Exec plaintext: Logon failure (0xc000006d)
> Fri Sep 15 09:07:16 2017 : Info: [mschap] Exec: program returned: 1
> Fri Sep 15 09:07:16 2017 : Info: [mschap] External script failed.

  That would seem to be the problem.

  It has nothing to do with groups or the "users" file.

  Read the debug output.  It *tells you* what's going wrong.

  Alan DeKok.




More information about the Freeradius-Users mailing list