returning Vendor specific attributes to aruba

Phil Brown phil.brown at
Thu Jul 14 14:34:47 CEST 2011

We are trying to use vendor specific attributes to provide different
services to users authenticating to our local radius system, rather
than users authenticating via proxy'd eduraom systems.

we are using freeradius version 2.1.10

and have added the below to the users file
DEFAULT Suffix == ""
                Aruba-User-Role = ROLE-EDUROAM-INT,
                Aruba-User-Vlan = 128,
                Class = ROLE-EDUROAM-INT,
                Fall-Through = Yes

As far as I can tell, from the reply-detail log below & wirehark, Radius
is returning the values. But the support guy is not seeing them on his
wireless server. The first packets he sees are the MS-MPPE- packets.
Can anyone advise as to to get this working.

        Packet-Type = Access-Accept
        Aruba-User-Role = "ROLE-EDUROAM-INT"
        Aruba-User-Vlan = 128
        Class = 0x524f4c452d454455524f414d2d494e54
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0xd1b37a684ca34b56aac068907f687067
        MS-MPPE-Recv-Key = 0x0bb8b13849577453ba36e4de9dd7aafc
        EAP-Message = 0x030c0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "knighta"

Thu Jul 14 10:30:31 2011
        Packet-Type = Access-Accept
        MS-MPPE-Recv-Key =
MS-MPPE-Send-Key =
EAP-Message = 0x030d0004 Message-Authenticator =
0x00000000000000000000000000000000 User-Name = "monkey"

More information about the Freeradius-Users mailing list