attr_filter issue
tnt at kalik.net
tnt at kalik.net
Tue Nov 25 12:13:35 CET 2008
debug? It could be that they just haven't been copied from inner to
outer reply.
Ivan Kalik
Kalik Informatika ISP
Dana 25/11/2008, "Mustapha Bouikhif" <Mustapha.Bouikhif at cnrs-gif.fr>
piše:
>Hi Folk,
>
>I have activated attr_filter for a realm (dr4.cnrs.fr) and want users
>from that realm to have 2 possible values of VLANs (VISITEUR or SIRC)
>Here is my attr_file:
>dr4.cnrs.fr
> Service-Type == Login-User,
> Framed-IP-Address == 255.255.255.254,
> Framed-MTU >= 576,
> Proxy-State =* ANY,
> Reply-Message =* ANY,
> EAP-Message =* ANY,
> Message-Authenticator =* ANY,
> State =* ANY,
> Session-Timeout <= 28800,
> Idle-Timeout <= 600,
> Port-Limit <= 2,
> Proxy-State =* ANY,
> MS-MPPE-Recv-Key =* ANY,
> MS-MPPE-Send-Key =* ANY,
> User-Name =* ANY,
> Called-Station-Id =* ANY,
> Calling-Station-Id =* ANY,
> NAS-Port-Type =* ANY,
> NAS-Port =* ANY,
> NAS-IP-Address =* ANY,
> NAS-Identifier =* ANY,
> Framed-Filter-ID =* ANY,
> Tunnel-Type == VLAN,
># Tunnel-Type =* ANY,
> Tunnel-Medium-Type == IEEE-802,
># Tunnel-Medium-Type =* ANY,
> Trapeze-VLAN-Name == VISITEUR,
> Trapeze-VLAN-Name == SIRC,
># Trapeze-VLAN-Name =* ANY,
> Tunnel-Private-Group-Id == VISITEUR,
> Tunnel-Private-Group-Id == SIRC
># Tunnel-Private-Group-Id =* ANY
>
>When i test the connexion with my account (my attribute
>Tunnel-Private-Group-Id = Trapeze-VLAN-Name = VISITEUR), the
>authentification is OK but radius server do not send this attribute to
>the NAS: they are filtered and they should not.
>When I set those attributes to * ANY, every thing works well.
>I don't understand this behaviour.
>Thanks for any ideas/help
>
>
>--
>Mustapha BOUIKHIF
>Service Systčmes d'Information
>CNRS - DR4
>
>tel: +33 1 69 82 33 97
>fax: +33 1 69 82 33 39
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list