Dynamic VLAN assignment works on EAP-MD5, but not EAP-PEAP!!!

Difan Zhao difan.zhao at guest-tek.com
Fri Dec 18 18:19:35 CET 2009


Hey Ivan,

Thank you very much for your help! Now it works beautifully! 

My next step is to integrate FreeRadius with my Windows domain to use
Windows AD for authentication. I am sure I will more questions for you
guys! 

Thank you!

Guest-tek, Difan Zhao
difan.zhao at guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-----Original Message-----
From:
freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradi
us.org] On Behalf Of tnt at kalik.net
Sent: Thursday, December 17, 2009 6:53 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLAN assignment works on EAP-MD5, but not
EAP-PEAP!!!

> I have figured out how to configure attributes. Here is my "user"
file:
>
>
>
> test   Cleartext-Password := "test"
>
>         Tunnel-Type = 16777229,
>
>         Tunnel-Medium-Type = 16777222,
>
>         Tunnel-Private-Group-ID = 3
>
>
>
> When I use MD5-Challenge, I got put in the right vlan I wanted.
However
> if I choose PEAP, I can be authenticated but the vlan thing won't
work.
> I checked the Radius -X output very carefully and I don't see the
server
> is sending any attributes, as it did when the MD5 is used... I chose
> different types of authentication on the windows box. It seems I don't
> have to change any configuration on the radius server for both
> authentications to work. I will attach both radius -X output for both
> types.

You have those attributes in the tunneled reply. You should enable
use_tunnled_reply in peap section of eap.conf.

Ivan Kalik

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list