Hello,
I am trying to implement a Nomadix AG-5000 public NAS in a in a network with an existing FreeRADIUS server. The environment is as follows:
- The customer wants nomadix to make public authentication (with captive portal and PAP) for guest users, and employees who can’t use the protected wireless network working with WPA-Enterprise authentication.
- The employees´ user names and passwords are stored in a LDAP structure.
- There is a freeRADIUS v 1.0.5 server which asks that LDAP structure for authentication.
So the Nomadix is configured as RADIUS client, connected to the FreeRADIUS server. I have tested the connection with test users stored in freeRADIUS´ “users” file, and everything worked fine. The problem starts with the Access-Accept RADIUS message. This message includes some tunnel attributes stored in the LDAP, which are necessary for the other networks to work properly. But the Nomadix does not understand those attributes and drops the Access-Accept messages, resulting in a
failed authentication.
The solution I’m thinking about is to remove this tunnel atributes of the Access-Accept message should they be sent to the Nomadix. I’ve read about rlm_attr_filter, but I don’t know how to configure it to remove tunnel attribures should the Nomadix be acting as the NAS.
File /etc/raddb/attrs:
DEFAULT
Packet-type =* ANY,
EAP-Message =* ANY,
User-Name =* ANY,
Message-Authenticator =* ANY,
State =* ANY,
Tunnel-Type := VLAN,
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id := “55”
Thank you in advance,