Authentication probation for VLAN
joaocdc at gmail.com
joaocdc at gmail.com
Thu Aug 25 22:57:33 CEST 2011
OK friends,
I appreciate the help, I managed to solve.
Dear Alexander Clouter really the type of data is an integer, but that I had
already tested. But I appreciate the hint and attention.
The problem is that I'm using EAP (PEAP and TTLS) server and default routes
via internal proxy (or something) the request to the inner-tunnel, and when the
request arrived at the inner-tunnel not all attributes of the original
request were present in the package.
To solve, it took Enable the option "copy_request_to_tunnel = yes" in the
file eap.conf. This solved the problem.
I appreciate everyone's help.
2011/8/25 Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>
> On 25 Aug 2011, at 21:43, Alexander Clouter wrote:
>
> > joaocdc at gmail.com <joaocdc at gmail.com> wrote:
> >>
> >> This model is funcionaç, however have a problem (very serious), Radius
> does
> >> not know from which SSID the client is trying to authenticate, or
> whether it
> >> decides the basis solely of the Realm authentication of the client. I
> need
> >> to make the Radius check the VLAN that is associated with the request
> for
> >> user authentication. Check through the debug radius that an
> Access-Request
> >> packet has the following information:
> >>
> >> ...
> >> rad_recv: Access-Request packet from host 192.168.254.48 port 32769,
> id=204,
> >> length=184
> >> User-Name = "joao at fpti"
> >> Calling-Station-Id = "68-a3-c4-85-c5-89"
> >> Called-Station-Id = "00-26-cb-94-65-60:FPTI"
> >> NAS-Port = 29
> >> NAS-IP-Address = 192.168.254.48
> >> NAS-Identifier = "WLC-PTI"
> >> Airespace-Wlan-Id = 1
> >> Service-Type = Framed-User
> >> Framed-MTU = 1300
> >> NAS-Port-Type = Wireless-802.11
> >> Tunnel-Type:0 = VLAN
> >> Tunnel-Medium-Type:0 = IEEE-802
> >> * Tunnel-Private-Group-Id:0 = "5"*
> >>
> > string != integer
> >
> > Tunnel-Private-Group-Id is a string.
>
> Eww gross. Ok I thought unlang did the conversions automagically.... But
> obviously not
>
> -Arran
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
João Paulo de Lima Barbosa
Fone: (45) 9938-8399
Blog: http://joao.us
Twitter: @joaocdc
"O erro dos que tem poder é colocar barreiras para que ninguém os alcance,
incentivando-nos a buscar todas as formas que encontramos para alcança-los."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110825/b513a40a/attachment.html>
More information about the Freeradius-Users
mailing list