Dynamic VLAN assignment works on EAP-MD5, but not EAP-PEAP!!!

tnt at kalik.net tnt at kalik.net
Fri Dec 18 02:53:00 CET 2009


> I have figured out how to configure attributes. Here is my "user" file:
>
>
>
> test   Cleartext-Password := "test"
>
>         Tunnel-Type = 16777229,
>
>         Tunnel-Medium-Type = 16777222,
>
>         Tunnel-Private-Group-ID = 3
>
>
>
> When I use MD5-Challenge, I got put in the right vlan I wanted. However
> if I choose PEAP, I can be authenticated but the vlan thing won't work.
> I checked the Radius -X output very carefully and I don't see the server
> is sending any attributes, as it did when the MD5 is used... I chose
> different types of authentication on the windows box. It seems I don't
> have to change any configuration on the radius server for both
> authentications to work. I will attach both radius -X output for both
> types.

You have those attributes in the tunneled reply. You should enable
use_tunnled_reply in peap section of eap.conf.

Ivan Kalik




More information about the Freeradius-Users mailing list