Problems with VLAN selection

Anthony Stuckey anthonystuckey at gmail.com
Wed May 5 17:10:13 CEST 2021


The documentation is crap.  Large parts of information that would be very
valuable to have are missing.

Always answer the questions: Who, What, When, Where, Why, and How.
Freeradius documentation is straight up hostile to "Why" and "How".  Any
suggestion that vendor documentation like Apple's certificate requirements
be referenced is met with an immediate "out of scope" response.  It would
cost nothing to give people references for further learning.
https://support.apple.com/en-us/HT210176

While my personal hobby horse would be Windows Machine Login, I've seen a
number of discussions that would be resolved much faster and with fewer bad
feelings by simply having a "Vendor Resources" page and some sample
configurations documenting known potholes.

Reading the RFCs does not generate all possible useful insights.


On Tue, May 4, 2021 at 9:48 AM Alan DeKok <aland at deployingradius.com> wrote:

> On May 4, 2021, at 10:26 AM, Tom Yates <madhatter at teaparty.net> wrote:
> > For posterity and those who find this exchange in the archives, I will
> > note that when the list-help says
> >
> > "We understand that the debug output is complex and full of what seems
> > like magical text. You don't need to understand all of it. But the people
> > on the mailing list do understand it, and can use it to help you."
> >
> > **it is not kidding**.
>
>   Exactly.
>
>   We are now approaching 22 years of "please, just send us the debug
> output".
>
>   There are just endless stories of people complaining that FR is crap,
> the documentation is crap, etc.  For message after message after message.
> Then they eventually decide to send the debug output, and the issue is
> fixed 5 minutes later.
>
>   I've also seen people state that "if you have to read the debug output
> to fix things, then the software is crap".  Hmm... OK, let's try a scenario:
>
> Q:  I want to get WiFi access.  I've configured the supplicant, but it
> doesn't work.  What's wrong?
>
> A: maybe the RADIUS shared secret is wrong
> A: maybe the AP has the wrong IP for the RADIUS server
> A: maybe the CA cert isn't on the supplicant
> A: maybe the user account isn't known to the RADIUS server
> A: maybe the server can't read the user's credentials from LDAP, because
>    * the server doesn't have read permission for those fields
>    * the LDAP query is searching the wrong part of the tree
> A: maybe the user's password is in LDAP in a format which is incompatible
> with the authentication method used
> A: maybe the user mistyped the password
> A: maybe all that works, but the user is placed in the wrong VLAN
> A: maybe all that works, but the VLAN isn't set up to route packets to the
> wider Internet
>
>   These are all issues which come up regularly.
>
>   There are many, many reasons why things can go wrong.  Pretty much no
> one can write complex code, never debug it, and magically have it work the
> first time.
>
>   Alan DeKok.

