Removing tunnel attributes only for specific NAS

Ignacio Siles ignacio.siles at
Mon Jul 24 11:14:48 CEST 2006




I am trying to implement a Nomadix AG-5000 public NAS in a in a network with
an existing FreeRADIUS server. The environment is as follows:


-          The customer wants nomadix to make public authentication (with
captive portal and PAP) for guest users, and employees who can’t use the
protected wireless network working with WPA-Enterprise authentication.

-          The employees´ user names and passwords are stored in a LDAP

-          There is a freeRADIUS v 1.0.5 server which asks that LDAP
structure for authentication.


So the Nomadix is configured as RADIUS client, connected to the FreeRADIUS
server. I have tested the connection with test users stored in freeRADIUS´
“users” file, and everything worked fine. The problem starts with the
Access-Accept RADIUS message. This message includes some tunnel attributes
stored in the LDAP, which are necessary for the other networks to work
properly. But the Nomadix does not understand those attributes and drops the
Access-Accept messages, resulting in a

failed authentication.


The solution I’m thinking about is to remove this tunnel atributes of the
Access-Accept message should they be sent to the Nomadix. I’ve read about
rlm_attr_filter, but I don’t know how to configure it to remove tunnel
attribures should the Nomadix be acting as the NAS.


File /etc/raddb/attrs:



            Packet-type =* ANY,

            EAP-Message =* ANY,

            User-Name =* ANY,

            Message-Authenticator =* ANY,

            State =* ANY,

            Tunnel-Type := VLAN,

            Tunnel-Medium-Type := IEEE-802

            Tunnel-Private-Group-Id := “55”


Thank you in advance,



Ignacio Siles

Ingeniero de Telecomunicaciones

Libera Networks

Avda. Juan López Peñalver, 21. PTA

29590 Campanillas (MÁLAGA)

T: +34 951010529 - F: +34 951010542

 <mailto:ignacio.siles at> ignacio.siles at <blocked::> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list