Removing tunnel attributes only for specific NAS

Ignacio Siles ignacio.siles at libera.net
Mon Jul 24 11:14:48 CEST 2006


 

Hello,

 

I am trying to implement a Nomadix AG-5000 public NAS in a network with
an existing FreeRADIUS server. The environment is as follows:

 

- The customer wants the Nomadix to make public authentication (with
  captive portal and PAP) for guest users, and employees who can’t use the
  protected wireless network working with WPA-Enterprise authentication.

- The employees’ user names and passwords are stored in an LDAP
  structure.

- There is a FreeRADIUS v 1.0.5 server which asks that LDAP
  structure for authentication.

 

So the Nomadix is configured as RADIUS client, connected to the FreeRADIUS
server. I have tested the connection with test users stored in FreeRADIUS’
“users” file, and everything worked fine. The problem starts with the
Access-Accept RADIUS message. This message includes some tunnel attributes
stored in the LDAP, which are necessary for the other networks to work
properly. But the Nomadix does not understand those attributes and drops the
Access-Accept messages, resulting in a failed authentication.

 

The solution I’m thinking about is to remove these tunnel attributes from the
Access-Accept message should they be sent to the Nomadix. I’ve read about
rlm_attr_filter, but I don’t know how to configure it to remove tunnel
attributes should the Nomadix be acting as the NAS.

 

File /etc/raddb/attrs:

 

DEFAULT
        Packet-type =* ANY,
        EAP-Message =* ANY,
        User-Name =* ANY,
        Message-Authenticator =* ANY,
        State =* ANY,
        Tunnel-Type := VLAN,
        Tunnel-Medium-Type := IEEE-802,
        Tunnel-Private-Group-Id := "55"

 

Thank you in advance,

 

 

Ignacio Siles
Telecommunications Engineer
Libera Networks
Avda. Juan López Peñalver, 21. PTA
29590 Campanillas (MÁLAGA)
T: +34 951010529 - F: +34 951010542
ignacio.siles at libera.net
www.libera.net
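
An added example, not part of the original message and not FreeRADIUS code: it shows what removing the tunnel attributes from an Access-Accept involves on the wire (the packet length and the Response Authenticator both change) and gives a check for whether a captured reply to the NAS still carries them. The shared secret, Request Authenticator and sample reply are constructed values.

```python
import hashlib
import struct

# Tunnel attributes named in the post (attribute numbers from RFC 2868).
TUNNEL_ATTRS = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type",
                81: "Tunnel-Private-Group-Id"}

def parse_attrs(packet):
    """Return [(type, value)] from a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def build_accept(ident, request_auth, attrs, secret):
    """Encode an Access-Accept (code 2) with its RFC 2865 Response Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", 2, ident, 20 + len(body))
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body

def authenticator_ok(packet, request_auth, secret):
    """True if the authenticator equals MD5(header + ReqAuth + attrs + secret)."""
    digest = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return digest == packet[4:20]

def tunnel_attrs_present(packet):
    """Names of the tunnel attributes still carried by this packet."""
    return [TUNNEL_ATTRS[t] for t, _ in parse_attrs(packet) if t in TUNNEL_ATTRS]

def strip_tunnel_attrs(packet, request_auth, secret):
    """Re-encode a reply without tunnel attributes; length and authenticator change."""
    kept = [(t, v) for t, v in parse_attrs(packet) if t not in TUNNEL_ATTRS]
    return build_accept(packet[1], request_auth, kept, secret)

# Constructed sample: shared secret, Request Authenticator and reply are made up.
SECRET, REQ_AUTH = b"testing123", bytes(range(16))
SAMPLE = build_accept(7, REQ_AUTH, [
    (18, b"Welcome"),            # Reply-Message
    (64, b"\x00\x00\x00\x0d"),   # Tunnel-Type = VLAN (13), tag 0
    (65, b"\x00\x00\x00\x06"),   # Tunnel-Medium-Type = IEEE-802 (6), tag 0
    (81, b"55"),                 # Tunnel-Private-Group-Id = "55", untagged
], SECRET)
FILTERED = strip_tunnel_attrs(SAMPLE, REQ_AUTH, SECRET)
```

Running `tunnel_attrs_present` on a reply captured on the link to the Nomadix confirms whether a filter on the server is actually taking effect for that NAS.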

 
