<div> Thanks.</div> <div> I still have a question. Can freeradius get the VLAN from AD and forward it to the client? Is any special configuration needed?</div> <div> </div> <div>I use samba's ntlm_auth.</div> <div> </div> <div> </div> <div> Hangjun</div> <div><BR><BR><B><I>tnt@kalik.co.yu</I></B> wrote:</div> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Since you are using AD to store user profile this is an AD, not<BR>freeradius question. Create a (vlan) group; add users/groups to the<BR>group; create Remote Access Policy; apply policy to this group; edit the<BR>policy to include those Tunnel attributes in dial-in profile; do the<BR>same for every VLAN.<BR><BR>Ivan Kalik<BR>Kalik Informatika ISP<BR><BR><BR>On 2/8/2007, "Hangjun He" &lt;ELMERHE@YAHOO.COM.CN&gt; wrote:<BR><BR>>Hi,<BR>> We use peap + AP + fr + AD to
authenticate users. Now it works. But I<BR>> need to get the VLAN from freeradius for different users or groups.<BR>> How should I do this? Please give me some advice. Thanks.<BR>><BR>> I saw the debug info below on the mailing list; from this info I guess freeradius can set the VLAN for a user or group.<BR>><BR>><BR>> Ready to process requests.<BR>>rad_recv: Access-Request packet from host 192.168.1.1:1645, id=38, length=149<BR>> User-Name = "DOMAIN\\testuser"<BR>> Service-Type = Framed-User<BR>> Framed-MTU = 1500<BR>> Called-Station-Id = "00-19-AA-2C-8F-03"<BR>> Calling-Station-Id = "00-08-74-46-2A-A5"<BR>> EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531<BR>> Message-Authenticator = 0x9bc11b6f6182f53f6428ad12c48d8f10<BR>> NAS-Port = 50001<BR>> NAS-Port-Type = Ethernet<BR>> NAS-IP-Address = 192.168.1.1<BR>> Processing the authorize section of radiusd.conf<BR>>modcall: entering group authorize for request 0<BR>> rlm_eap:
EAP packet type response id 2 length 22<BR>> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR>> modcall[authorize]: module "eap" returns updated for request 0<BR>> users: Matched entry DEFAULT at line 1<BR>> modcall[authorize]: module "files" returns ok for request 0<BR>>modcall: leaving group authorize (returns updated) for request 0<BR>> rad_check_password: Found Auth-Type EAP<BR>>auth: type "EAP"<BR>> Processing the authenticate section of radiusd.conf<BR>>modcall: entering group authenticate for request 0<BR>> rlm_eap: EAP Identity<BR>> rlm_eap: processing type tls<BR>> rlm_eap_tls: Initiate<BR>> rlm_eap_tls: Start returned 1<BR>> modcall[authenticate]: module "eap" returns handled for request 0<BR>>modcall: leaving group authenticate (returns handled) for request 0<BR>>Sending Access-Challenge of id 38 to 192.168.1.1 port 1645<BR>> Tunnel-Type:0 = VLAN<BR>> Tunnel-Medium-Type:0 =
IEEE-802<BR>> Tunnel-Private-Group-Id:0 = "vlanX"<BR>> EAP-Message = 0x010300061920<BR>> Message-Authenticator = 0x00000000000000000000000000000000<BR>> State = 0x67c75e29c6b4d8d32c662ce2d154d277<BR>>Finished request 0<BR>>Going to the next request<BR>>--- Walking the entire request list ---<BR>>Waking up in 6 seconds...<BR></BLOCKQUOTE><BR><p>
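An added example, not part of the original thread and not FreeRADIUS code: the quoted log shows the three tunnel attributes on an Access-Challenge, while the VLAN a switch or AP applies under RFC 3580 comes from the final Access-Accept, so this Python check parses `radiusd -X` style debug output and reports, per Access-Accept, whether those attributes are present. The function names and the sample log are assumptions (the Access-Challenge block is taken from the quoted output, the two Access-Accept blocks are constructed).

```python
import re

# Expected values from the quoted debug output; None means "any value, but present".
VLAN_ID = "Tunnel-Private-Group-Id"
WANT = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802", VLAN_ID: None}
SEND_RE = re.compile(r"^Sending (Access-\w+) of id (\d+)")
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+)(?::\d+)?\s*=\s*(.+?)\s*$")

# Constructed sample: Access-Challenge from the quoted log, Access-Accepts made up.
SAMPLE = """\
Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "vlanX"
Finished request 0
Sending Access-Accept of id 45 to 192.168.1.1 port 1645
    User-Name = "testuser"
Sending Access-Accept of id 52 to 192.168.1.1 port 1645
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "vlanX"
"""

def sent_packets(debug_text):
    """Parse each 'Sending ...' block into its type, id and attributes."""
    packets, current = [], None
    for line in debug_text.splitlines():
        m = SEND_RE.match(line)
        if m:
            current = {"type": m.group(1), "id": int(m.group(2)), "attrs": {}}
            packets.append(current)
            continue
        a = ATTR_RE.match(line) if current else None
        if a:
            current["attrs"][a.group(1)] = a.group(2).strip('"')
        else:
            current = None  # first non-attribute line ends the packet

    return packets

def vlan_report(debug_text):
    """For every Access-Accept, list the VLAN sent and any attribute problems."""
    report = []
    for p in sent_packets(debug_text):
        if p["type"] != "Access-Accept":
            continue
        attrs = p["attrs"]
        bad = [n for n, v in WANT.items() if n not in attrs or (v and attrs[n] != v)]
        report.append({"id": p["id"], "vlan": attrs.get(VLAN_ID), "problems": bad})
    return report
```

Calling `vlan_report(SAMPLE)` flags the Access-Accept with id 45 as missing all three attributes and reports `vlanX` for id 52.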