Attribute not passing to NAS?
Rob Yamry
ryamry at kimberly.k12.wi.us
Thu Dec 2 15:05:59 CET 2010
I have a Enterasys HiPath controller that Im trying to pass an attribute to
throw the user into the correct policy upon authentication. I talked with
their support and they say to set the Filter-Id attribute to the name of the
policy set on the controller. I did, but it doenst seem to pass. In the
debug for radius I get this:
[peap] Got tunneled reply RADIUS code 2
Filter-Id = "Faculty"
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "ktest"
and it goes on to:
Cleaning up request 18 ID 109 with timestamp +12
User-Name = "ktest"
NAS-IP-Address = 127.0.4.1
NAS-Port = 222
Framed-MTU = 1400
Called-Station-Id = "00:1f:45:7f:83:fa"
Calling-Station-Id = "00:24:d6:a6:ce:ce"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "TEST"
Siemens-AP-Serial = "0500010143052305"
Siemens-AP-Name = "AP09"
Siemens-VNS-Name = "TEST"
Siemens-BSSID = "TEST"
Siemens-BSS-MAC = "00:1f:45:7f:83:fa"
Siemens-Policy = "Students"
Siemens-Topology = "TopoStudents"
Siemens-Ingress-Rate = "Unlimited"
Siemens-Egress-Rate = "Unlimited"
I use LDAP (via eDirectory) on the backend and authentication is working
fine. It pulls the correct value for the Filter-Id attribute, but it doesnt
seem to take effect. The Siemens-xxx attributes are coming from the
controller and you can see based on the Siemens-Policy = "Students" attribute
that the student policy is still applying - not the Faculty policy as is
defined in the Filter-Id attribute. I have also tried to set the
Siemens-Policy attribute on the user but that did not work either.
Am I missing something in the config to have this value sent back to the
NAS?
FreeRadius 2.1.8
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101202/2d90d4a4/attachment.html>
More information about the Freeradius-Users
mailing list