Attribute not passing to NAS?

mikal mpm at
Thu Dec 2 20:01:17 CET 2010


You shouldn't need to check the "restrict policy" option.  My setup is
actually using a Captive Portal for the users to enter credentials.  So I
start them off with a non-auth policy that uses a "Routed" topology and then
once authenticated uses a "Bridge at AP" topology.

So the controller is serving up the CP page, and then I'm using freeradius
with a MySQL backend.

Did you capture a trace from the controller interface just to ensure that
the attribute/value pair is appearing at the controller interface correctly? 
Wireless Controller->Utilities->Wireless Controller TCP Dump Management.

So my VNS setup looks like:

WLAN Service: SMFC
Non-Auth policy: SMFC NonAuth
Auth Policy: SMFC Auth               (support is correct, this will be
overwritten if the radius-accept contains a Filter-Id value that matches a
configured policy)
Restrict policy set unchecked
Enable checked

Under VNS Configuration->Policies I have a policy: named Policy

I throw a row in my MySQL radreply table to use a Filter-Id value of NewmanN
for a particular user (test.user11 in this case) and I'm off and running. 
If I set the Filter-Id value in my MySQL row to Newmann, or newmanN, etc.
then I get the default policy applied to test.user11.  The same behavior
that you're seeing.

"ktest   Cleartext-Password := "password"
        Filter-Id = "Faculty"

When I authenticate with this user I get:

Client session MAC [00:24:D6:A6:CE:CE] on AP [JRG-1FL-AP09] with SSID [TEST]
from VNS [TEST] with username [ktest] has been successfully authenticated.
Policy [Students] is applied.

I get the same msg for an ldap user that has the Filter-Id set to Faculty as

For comparison, on the controller my vns settings include:
Non-Auth policy: NonAuth
Auth Policy: Students               (support told me this doesnt matter what
its set to...the Filter-Id will override this)
Restrict policy set unchecked
Enable checked

I have another policy named Faculty that is assigned the AuthFaculty
topology (which sets the tagged vlan).

How does this compare to your setup?  Do I need the restrict policy set
option checked and config'd?"

View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list