Radius should assign based on the connected SSID/VLAN different Authentications rules ...
Fajar A. Nugraha
list at fajar.net
Fri Jan 21 15:25:58 CET 2011
On Fri, Jan 21, 2011 at 8:18 PM, Philipp Hanselmann
<philipp.hanselmann at qnamic.com> wrote:
> Even based on the debug output it looks like that the value
> %{Cisco-AVPair[*]} is empty?
> Help would be appreciated.
I'd start with pasting the complete debug output, not just snippets
which you think are important.
> <snip>
> ++[exec] returns noop
> Sending Access-Accept of id 39 to 192.168.110.210 port 1645
> MS-MPPE-Recv-Key = 0xdcf7bf00aa1600ac7ba7032d9exxxxxcd5xxxxxxxxxxx115738
> MS-MPPE-Send-Key = 0x8cf29e70b657866e446fb2a8c9xxxxxxxxxxxxxxxxxxxc
> EAP-Message = 0x03060004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "phanselmann"
> Finished request 5.
> Going to the next request
> Waking up in 4.8 seconds.
This is the access accept. What was the Access-Request like?
> rad_recv: Accounting-Request packet from host 192.168.110.21 port 1646,
> id=81, length=230
> Acct-Session-Id = "00000312"
> Called-Station-Id = "001a.e35f.42e1"
> Calling-Station-Id = "0090.4b9a.6ac4"
> Cisco-AVPair = "ssid=wlan-public"
> Cisco-AVPair = "vlan-id=113"
> Cisco-AVPair = "nas-location=unspecified"
> User-Name = "phanselmann"
> Cisco-AVPair = "connect-progress=Call Up"
The only attributes that matter for your purpose are the ones in
Access-Request. Is there Cisco-AVPair in your Access-Request?
--
Fajar
More information about the Freeradius-Users
mailing list