freeradius with UNIFI APs

Elias Pereira empbilly at gmail.com
Thu Aug 15 20:22:48 CEST 2019


Arran, You can configure the vlans directly in freeradius and then in unifi
controller check "Enable RADIUS assigned VLAN for wireless network". We
have it here and it works perfectly.

/etc/freeradius/sites-available/default
ldap
if (Ldap-Group == "CN=ADM,OU=GRUPOS,DC=campus,DC=mycompany,DC=com") {
        update reply {
                &Tunnel-Type = VLAN
                &Tunnel-Medium-Type = IEEE-802
                &Tunnel-Private-Group-Id = "51"
        }
}
elsif (Ldap-Group == "CN=ALUNOS,OU=GRUPOS,DC=campus,DC=mycompany,DC=com") {
        update reply {
                &Tunnel-Type = VLAN
                &Tunnel-Medium-Type = IEEE-802
                &Tunnel-Private-Group-Id = "40"
        }
}
else {
        update reply {
                Reply-Message := "Sem acesso!"
        }
        reject
}

On Thu, Aug 15, 2019 at 2:54 PM Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
>
> > On 14 Aug 2019, at 06:06, Nawar Al Tarazi <nawar.tarazi at contentful.com>
> wrote:
> >
> > I use EAP-TTLS/PAP , is there anything different in the settings,
> > Certificate related thing ?
> > because as i said , the Server sends Access-Accept but it seems the AP
> just
> > ignore it
>
> Though I found in our setup we had to define the vlans as networks on the
> unifi controller before it'd let us assign them, and the kit exhibited that
> behaviour for undefined VLANs.
>
> Maybe that's the issue here? Or some variant of it?
>
> -Arran
>
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Elias Pereira


More information about the Freeradius-Users mailing list