Using FreeRadius to override VLAN Assignment

McSparin, Joe jmcsparin at hillcountrymemorial.org
Wed Jan 4 19:37:01 CET 2012


Here is my radiusd -X. It looks to me like the Access-Accept is not
returning the VLAN with it.

# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
} # server inner-tunnel
[peap] Got tunneled reply code 2
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "16"  
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0xa15daac8db91138c9543ff1dd79193d8
        MS-MPPE-Recv-Key = 0x5b23ada7251bf55e939f78211bc91ee9
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "jmcsparin"
[peap] Got tunneled reply RADIUS code 2
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "16"
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0xa15daac8db91138c9543ff1dd79193d8
        MS-MPPE-Recv-Key = 0x5b23ada7251bf55e939f78211bc91ee9
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "jmcsparin"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 199 to 10.1.1.50 port 35858
        EAP-Message = 0x010b002b19001703010020c4f38e69d73c88a387eba5b0923e812f7d609d6c9d329f90acd78fc19eb2381f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x11074b60180c524471e7db294b4fecfb
Sending Access-Accept of id 200 to 10.1.1.50 port 35858
        MS-MPPE-Recv-Key = 0x3d7918ad48100976d9f4db012a50f82b6dba74d3777f6bdca2648b0db3eb9650
        MS-MPPE-Send-Key = 0xd4fcd3d81bc0e75431a4baa52fff9b7dce70f1cf1025fe2aac060f30f45b35bb
        EAP-Message = 0x030b0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "jmcsparin"
Finished request 49.

 

Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcsparin at hillcountrymemorial.org 

 

________________________________

From: freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists.freeradius.org
[mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists.freeradius.org]
On Behalf Of Brian Julin
Sent: Wednesday, January 04, 2012 10:49 AM
To: FreeRadius users mailing list
Subject: RE: Using FreeRadius to override VLAN Assignment


The first order of business would be to run freeradius in debug mode, or
launch an eapol_test client against it, and look to see whether the
attribute is being sent.  If you do not know whether the attribute is
being sent, you cannot determine whether it is the AP or the freeradius
server that needs fixing.

________________________________

From: freeradius-users-bounces+bjulin=clarku.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+bjulin=clarku.edu at lists.freeradius.org]
On Behalf Of McSparin, Joe
Sent: Wednesday, January 04, 2012 11:00 AM
To: FreeRadius users mailing list
Subject: Using FreeRadius to override VLAN Assignment



I have put the following into my users file:

DEFAULT  Auth-Type = "ntlm_auth" 
                Tunnel-Type = "VLAN", 
                Tunnel-Medium-Type = "IEEE-802", 
                Tunnel-Private-Group-id = "1001" 

I have told my access point to Allow RADIUS Override on the VLAN
Assignment; however, the VLAN is not getting overridden.  Does the above
entry in my users file not actually send back a VLAN assignment, and if
not, is there somewhere else this is supposed to be done?

Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcsparin at hillcountrymemorial.org 


________________________________

This email message and any attachments are for the sole use of the
intended recipient(s) and contain confidential and/or privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply email and destroy all copies of the original message and
any attachments.
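
Added example, not part of the original thread: a small Python check that automates the comparison made by eye in the debug output above, reporting VLAN attributes that appear in the PEAP tunneled reply but are absent from the outer Access-Accept. The function names are hypothetical, and the sample log is constructed from the shape of the `radiusd -X` output in this message (keys and EAP payloads omitted); it assumes unwrapped debug output with indented attribute lines.

```python
import re

# Constructed sample modelled on the radiusd -X output in this thread
# (MS-MPPE keys and long EAP payloads omitted).
SAMPLE = """\
[peap] Got tunneled reply code 2
\tTunnel-Type:0 = VLAN
\tTunnel-Medium-Type:0 = IEEE-802
\tTunnel-Private-Group-Id:0 = "16"
\tUser-Name = "jmcsparin"
[peap] Tunneled authentication was successful.
Sending Access-Challenge of id 199 to 10.1.1.50 port 35858
\tEAP-Message = 0x010b
Sending Access-Accept of id 200 to 10.1.1.50 port 35858
\tEAP-Message = 0x030b0004
\tUser-Name = "jmcsparin"
Finished request 49.
"""

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+)(?::\d+)?\s*=\s*(.*)$")   # name[:tag] = value
INNER = re.compile(r"^\[peap\] Got tunneled reply (?:RADIUS )?code \d+")
OUTER = re.compile(r"^Sending (Access-\w+) of id \d+")

def parse_blocks(text):
    """Return [(kind, {attr: value})] for tunneled replies and sent packets."""
    blocks, current = [], None
    for line in text.splitlines():
        inner, outer = INNER.match(line), OUTER.match(line)
        if inner or outer:
            current = ("inner" if inner else outer.group(1), {})
            blocks.append(current)
        elif current is not None and (a := ATTR.match(line)):
            current[1][a.group(1)] = a.group(2).strip().strip('"')
        else:
            current = None  # any other line ends the attribute list
    return blocks

def missing_vlan_attrs(text):
    """VLAN attributes in the last tunneled reply that the Access-Accept lacks."""
    blocks = parse_blocks(text)
    inner = next((a for k, a in reversed(blocks) if k == "inner"), {})
    accept = next((a for k, a in reversed(blocks) if k == "Access-Accept"), None)
    if accept is None:
        return None  # no Access-Accept in this capture
    return {n: inner[n] for n in VLAN_ATTRS if n in inner and n not in accept}
```

A non-empty result means the attributes were set inside the tunnel but never left the server in the Access-Accept, so the server configuration rather than the AP is the place to look.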



