Authentication probation for VLAN

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Aug 25 22:36:29 CEST 2011


On 25 Aug 2011, at 21:43, Alexander Clouter wrote:

> joaocdc at gmail.com <joaocdc at gmail.com> wrote:
>> 
>> This model is funcionaç, however have a problem (very serious), Radius does
>> not know from which SSID the client is trying to authenticate, or whether it
>> decides the basis solely of the Realm authentication of the client. I need
>> to make the Radius check the VLAN that is associated with the request for
>> user authentication. Check through the debug radius that an Access-Request
>> packet has the following information:
>> 
>> ...
>> rad_recv: Access-Request packet from host 192.168.254.48 port 32769, id=204,
>> length=184
>> User-Name = "joao at fpti"
>> Calling-Station-Id = "68-a3-c4-85-c5-89"
>> Called-Station-Id = "00-26-cb-94-65-60:FPTI"
>> NAS-Port = 29
>> NAS-IP-Address = 192.168.254.48
>> NAS-Identifier = "WLC-PTI"
>> Airespace-Wlan-Id = 1
>> Service-Type = Framed-User
>> Framed-MTU = 1300
>> NAS-Port-Type = Wireless-802.11
>> Tunnel-Type:0 = VLAN
>> Tunnel-Medium-Type:0 = IEEE-802
>> * Tunnel-Private-Group-Id:0 = "5"*
>> 
> string != integer
> 
> Tunnel-Private-Group-Id is a string.

Eww gross. Ok I thought unlang did the conversions automagically.... But obviously not

-Arran






More information about the Freeradius-Users mailing list