Attribute not passing to NAS?
mikal
mpm at atceast.com
Thu Dec 2 20:01:17 CET 2010
Rob,
You shouldn't need to check the "restrict policy" option. My setup is
actually using a Captive Portal for the users to enter credentials. So I
start them off with a non-auth policy that uses a "Routed" topology and then
once authenticated uses a "Bridge at AP" topology.
So the controller is serving up the CP page, and then I'm using freeradius
with a MySQL backend.
Did you capture a trace from the controller interface just to ensure that
the attribute/value pair is appearing at the controller interface correctly?
Wireless Controller->Utilities->Wireless Controller TCP Dump Management.
So my VNS setup looks like:
    VNS Name: SMFC
    WLAN Service: SMFC
    Non-Auth policy: SMFC NonAuth
    Auth Policy: SMFC Auth (support is correct, this will be
        overwritten if the radius-accept contains a Filter-Id value that
        matches a configured policy)
    Restrict policy set unchecked
    Enable checked
Under VNS Configuration->Policies I have a policy: named Policy
Name:NewmanN.
I throw a row in my MySQL radreply table to use a Filter-Id value of NewmanN
for a particular user (test.user11 in this case) and I'm off and running.
If I set the Filter-Id value in my MySQL row to Newmann, or newmanN, etc.
then I get the default policy applied to test.user11. The same behavior
that you're seeing.
"ktest Cleartext-Password := "password"
Filter-Id = "Faculty"
When I authenticate with this user I get:
Client session MAC [00:24:D6:A6:CE:CE] on AP [JRG-1FL-AP09] with SSID [TEST]
from VNS [TEST] with username [ktest] has been successfully authenticated.
Policy [Students] is applied.
I get the same msg for an ldap user that has the Filter-Id set to Faculty as
well.
For comparison, on the controller my vns settings include:
    VNS Name: TEST
    WLAN Service: TESTWLAN
    Non-Auth policy: NonAuth
    Auth Policy: Students (support told me this doesn't matter what
        it's set to...the Filter-Id will override this)
    Restrict policy set unchecked
    Enable checked
I have another policy named Faculty that is assigned the AuthFaculty
topology (which sets the tagged vlan).
How does this compare to your setup? Do I need the restrict policy set
option checked and config'd?"
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Attribute-not-passing-to-NAS-tp3289418p3289846.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
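Added example, not part of the original message or of FreeRADIUS: a check that compares the Filter-Id values stored in radreply with the controller's policy names and flags values that differ only in case, the situation the message above describes. It assumes the stock FreeRADIUS radreply columns, uses an in-memory SQLite table in place of the MySQL backend, and the policy list and rows are constructed samples.

```python
import sqlite3

# Policy names as configured on the controller (constructed sample; copy them
# by hand from VNS Configuration->Policies, exact case included).
CONTROLLER_POLICIES = ["NewmanN", "Students", "Faculty"]

def audit_filter_ids(conn, policies):
    """Classify every Filter-Id reply row against the controller policy names.

    Returns a list of (username, value, status, suggestion) where status is
    'ok' (exact match), 'case_mismatch' (matches only when case is ignored,
    so the default policy would be applied) or 'unknown' (no such policy).
    """
    exact = set(policies)
    folded = {}
    for name in policies:
        folded.setdefault(name.casefold(), []).append(name)
    rows = conn.execute(
        "SELECT username, value FROM radreply "
        "WHERE attribute = 'Filter-Id' ORDER BY username, id"
    )
    findings = []
    for username, value in rows:
        if value in exact:
            findings.append((username, value, "ok", None))
        elif value.casefold() in folded:
            findings.append((username, value, "case_mismatch",
                             folded[value.casefold()][0]))
        else:
            findings.append((username, value, "unknown", None))
    return findings

def sample_db():
    """In-memory stand-in for the MySQL radreply table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radreply (id INTEGER PRIMARY KEY, "
                 "username TEXT, attribute TEXT, op TEXT, value TEXT)")
    conn.executemany(
        "INSERT INTO radreply (username, attribute, op, value) VALUES (?,?,?,?)",
        [("test.user11", "Filter-Id", ":=", "NewmanN"),
         ("test.user12", "Filter-Id", ":=", "newmanN"),
         ("test.user13", "Filter-Id", ":=", "Staff"),
         ("test.user13", "Framed-MTU", ":=", "1400")],
    )
    return conn

if __name__ == "__main__":
    for finding in audit_filter_ids(sample_db(), CONTROLLER_POLICIES):
        print(finding)
```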