<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hello,<br>
If I set Cisco-AVPair == "ssid=SSID1" in my user authentication, the
authentication fails with any SSID and user.<br>
If I set Cisco-AVPair := "ssid=SSID1", my users are always authenticated.<br>
<br>
Is there any other configuration to set in the radius or in the access
point? <br>
<br>
In my access request there is the AVPair attribute:<br>
<br>
rad_recv: Access-Request packet from host 192.168.9.104:1645, id=19,
length=166
<br>
User-Name = "TEST4"
<br>
Framed-MTU = 1400
<br>
Called-Station-Id = "0012.dacb.8420"
<br>
Calling-Station-Id = "000c.f135.f1ba"
<br>
Cisco-AVPair = "ssid=VLAN3"
<br>
Service-Type = Login-User
<br>
Message-Authenticator = 0xb2a3f1fd52d9d6ff9702cc8f1f480f46
<br>
EAP-Message = 0x020600060d00
<br>
NAS-Port-Type = Wireless-802.11
<br>
Cisco-NAS-Port = "260"
<br>
NAS-Port = 260
<br>
State = 0x0491685cf8ece3184d685dedfedbb3d4
<br>
NAS-IP-Address = 192.168.9.104
<br>
NAS-Identifier = "ap"
<br>
<br>
<br>
but I don't understand if it works...<br>
<br>
<br>
Any idea?<br>
<br>
<br>
Thanks <br>
<br>
<br>
on 06/04/2006 11.39 Sergio Sagliocco said the following:
<blockquote cite="mid4434E1E9.4080807@csp.it" type="cite">
<pre wrap="">Hi

I think you have to try in this way (for example):

TEST4 Cisco-AVPair == "ssid=SSID1" , Auth-Type := EAP
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 2,
        Tunnel-Type = VLAN

DEFAULT Auth-Type := Reject

If you want a password:

TEST4 Cisco-AVPair == "ssid=SSID1" ,User-Password="XXXX", Auth-Type := EAP
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 2,
        Tunnel-Type = VLAN

DEFAULT Auth-Type := Reject

Regards
sergio

Antonio Matera wrote:
</pre>
<blockquote type="cite">
<pre wrap="">My goal is to authenticate users only if the SSID is right!
Do you know how I can do it?
Thanks
Antonio
on 05/04/2006 17.33 Sergio Sagliocco said the following:
</pre>
<blockquote type="cite">
<pre wrap="">Hello
Is your goal to authenticate users only if the SSID is right, or to have
a different EAP authentication method based on SSID?
regards
sergio
Antonio Matera wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
thanks for the answer.
With your solution my radius doesn't authenticate my users....
Is my configuration correct, or do I need other changes in my radius files?
Thanks bye
on 05/04/2006 15.27 Sergio Sagliocco said the following:
</pre>
<blockquote type="cite">
<pre wrap="">Hi
I think you have to use == instead of :=
For example:
DEFAULT Cisco-AVPair == "ssid=testLEAP" , EAP-Type := Cisco-LEAP
Regards
</pre>
</blockquote>
<pre wrap="">- List info/subscribe/unsubscribe? See
<a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
----------------------------------------------
Antonio Matera
CREATE-NET
Via Solteri, 38 - 38100 Trento
e-mail: <a class="moz-txt-link-abbreviated" href="mailto:antonio.matera@create-net.it">antonio.matera@create-net.it</a>
phone: +39 0461 408400 ext. 305
fax: +39 0461 421157
<a class="moz-txt-link-abbreviated" href="http://www.create-net.org">www.create-net.org</a>
----------------------------------------------</pre>
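<br>
The operator behaviour discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS itself: a simplified Python model of users-file check items, where == compares against the Access-Request and := always matches and only writes to the control list. The function names are hypothetical; the request values are those shown in the debug output above.<br>
<pre>
```python
# Simplified model of FreeRADIUS "users" file check-item operators (added example).
# Only "==" and ":=" are modelled; function names are hypothetical.

# Request attributes copied from the Access-Request shown in the message.
REQUEST = {
    "User-Name": ["TEST4"],
    "Cisco-AVPair": ["ssid=VLAN3"],
    "NAS-Identifier": ["ap"],
}

def entry_matches(name, check_items, request, control):
    """Return True if a users-file entry applies to this request.

    check_items is a list of (attribute, operator, value) tuples.
    "==" compares against the request; ":=" never compares, it only
    writes the value into the control (configuration) list.
    """
    if name != "DEFAULT" and name not in request.get("User-Name", []):
        return False
    pending = {}
    for attr, op, value in check_items:
        if op == "==":
            # Matches only if the request carries this attribute with this value.
            if value not in request.get(attr, []):
                return False
        elif op == ":=":
            # Always matches; replaces any control attribute of the same name.
            pending[attr] = value
        else:
            raise ValueError("operator not modelled: " + op)
    control.update(pending)
    return True

def ssid_gate(operator, ssid, request):
    """Evaluate the thread's TEST4 entry with the given operator on Cisco-AVPair."""
    control = {}
    items = [("Cisco-AVPair", operator, "ssid=" + ssid), ("Auth-Type", ":=", "EAP")]
    return entry_matches("TEST4", items, request, control), control

if __name__ == "__main__":
    for op, ssid in [("==", "SSID1"), ("==", "VLAN3"), (":=", "SSID1")]:
        print(op, ssid, ssid_gate(op, ssid, REQUEST))
```
</pre>
With the request shown above (ssid=VLAN3), the == entry for SSID1 does not match, so the request falls through to the DEFAULT reject entry, while the := form matches regardless of the SSID the access point sent.<br>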
</body>
</html>