attr_filter issue

Mustapha Bouikhif Mustapha.Bouikhif at cnrs-gif.fr
Thu Nov 27 09:44:54 CET 2008 

tnt at kalik.net wrote:
> debug? It could be that they just haven't been copied from inner to
> outer reply.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 25/11/2008, "Mustapha Bouikhif" <Mustapha.Bouikhif at cnrs-gif.fr>
> piše:
>
>   
>> Hi Folk,
>>
>> I have activated attr_filter for a realm (dr4.cnrs.fr) and want users 
>>     
> >from that realm to have 2 possible values of VLANs (VISITEUR or SIRC)
>   
>> Here is my attr_file:
>> dr4.cnrs.fr
>>        Service-Type == Login-User,
>>        Framed-IP-Address == 255.255.255.254,
>>        Framed-MTU >= 576,
>>        Proxy-State =* ANY,
>>        Reply-Message =* ANY,
>>        EAP-Message =* ANY,
>>        Message-Authenticator =* ANY,
>>        State =* ANY,
>>        Session-Timeout <= 28800,
>>        Idle-Timeout <= 600,
>>        Port-Limit <= 2,
>>        Proxy-State =* ANY,
>>        MS-MPPE-Recv-Key =* ANY,
>>        MS-MPPE-Send-Key =* ANY,
>>        User-Name =* ANY,
>>        Called-Station-Id =* ANY,
>>        Calling-Station-Id =* ANY,
>>        NAS-Port-Type =* ANY,
>>        NAS-Port =* ANY,
>>        NAS-IP-Address =* ANY,
>>        NAS-Identifier =* ANY,
>>        Framed-Filter-ID =* ANY,
>>       Tunnel-Type == VLAN,
>> #       Tunnel-Type =* ANY,
>>       Tunnel-Medium-Type == IEEE-802,
>> #        Tunnel-Medium-Type =* ANY,
>>        Trapeze-VLAN-Name == VISITEUR,
>>       Trapeze-VLAN-Name == SIRC,
>> #        Trapeze-VLAN-Name =* ANY,
>>       Tunnel-Private-Group-Id == VISITEUR,
>>        Tunnel-Private-Group-Id == SIRC
>> #        Tunnel-Private-Group-Id =* ANY
>>
>> When i test the connexion with my account (my attribute 
>> Tunnel-Private-Group-Id = Trapeze-VLAN-Name = VISITEUR), the 
>> authentification is OK but radius server do not send this attribute to 
>> the NAS: they are filtered and they should not.
>> When I set those attributes to * ANY, every thing works well.
>> I don't understand this behaviour.
>> Thanks for any ideas/help
>>
>>
>> -- 
>> Mustapha BOUIKHIF
>> Service Systčmes d'Information
>> CNRS - DR4
>>
>> tel: +33 1 69 82 33 97
>> fax: +33 1 69 82 33 39 
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>     
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>   
Here is the debug of radiusd (attached file)
Thanks.

-- 
Mustapha BOUIKHIF
Service Syste`mes d'Information
CNRS - DR4

tel: +33 1 69 82 33 97
fax: +33 1 69 82 33 39 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius-debug
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081127/91f3add3/attachment.ksh>

More information about the Freeradius-Users mailing list