Removing tunnel attributes only for specific NAS
liran tal
liransgarage at gmail.com
Tue May 19 09:07:44 CEST 2009
Hey Ignacio,
I am in need of getting a Nomadix AG3100 gateway to do the same thing as you have done: get it to authenticate to FreeRADIUS and redirect to portal pages for a simple user/pass login.
I've exchanged a bunch of emails with their support team (which is awful) and read their guides, but it's terribly cumbersome and it seems that some kind of XML interface is required to be implemented.
I was hoping to get some pointers from you on getting this working.
Thanks,
Liran.
On Mon, Jul 24, 2006 at 12:14 PM, Ignacio Siles <ignacio.siles at libera.net> wrote:
>
> Hello,
>
> I am trying to implement a Nomadix AG-5000 public NAS in a network
> with an existing FreeRADIUS server. The environment is as follows:
>
> - The customer wants Nomadix to make public authentication (with
>   captive portal and PAP) for guest users, and employees who can't use the
>   protected wireless network working with WPA-Enterprise authentication.
>
> - The employees' user names and passwords are stored in an LDAP
>   structure.
>
> - There is a FreeRADIUS v1.0.5 server which asks that LDAP
>   structure for authentication.
>
> So the Nomadix is configured as RADIUS client, connected to the FreeRADIUS
> server. I have tested the connection with test users stored in FreeRADIUS'
> "users" file, and everything worked fine. The problem starts with the
> Access-Accept RADIUS message. This message includes some tunnel attributes
> stored in the LDAP, which are necessary for the other networks to work
> properly. But the Nomadix does not understand those attributes and drops the
> Access-Accept messages, resulting in a failed authentication.
>
> The solution I'm thinking about is to remove these tunnel attributes from the
> Access-Accept message should they be sent to the Nomadix. I've read about
> rlm_attr_filter, but I don't know how to configure it to remove tunnel
> attributes should the Nomadix be acting as the NAS.
>
> File /etc/raddb/attrs:
>
> DEFAULT
>         Packet-type =* ANY,
>         EAP-Message =* ANY,
>         User-Name =* ANY,
>         Message-Authenticator =* ANY,
>         State =* ANY,
>         Tunnel-Type := VLAN,
>         Tunnel-Medium-Type := IEEE-802,
>         Tunnel-Private-Group-Id := "55"
>
> Thank you in advance,
>