returning a HEX String as a HEX String (bit string) instead of the decimal equivalent - FreeRADIUS 2.1.10
Andy
andy at brandwatch.com
Wed Aug 7 19:49:30 CEST 2013
Thank you everyone so much :)

Wow, what a great list :D

"OK. First, you're not doing PPP, remove the default entries in the
users file for Framed-Protocol and Framed-Compression."

I have commented this out now.

And again thank you for your Wireshark capture, and perfect
explanations of the expected data type. I never doubted your
credentials or the value of your suggestions ;)

I just got myself into a mess with it, BUT, it's working now :)

NB; your extremely well written website says RFC 4765 isn't in the W
branch. I'm running the W branch and it's working;

brdswitch02(config)# 0050:11:24:55.01 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd new client detected on vid: 1.
0050:11:24:55.01 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS CHAP authentication started, session: 3055.
0050:11:24:55.02 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS Attributes, priority: 11111111, tagged vid: 12.
0050:11:24:55.02 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client accepted, session: 3055.
0050:11:24:55.02 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client successfully placed into vid: 0.

The last message about being placed into vid: 0 is strange, but after
running 'show vlans 12', I now see;

  Port Information Mode     Unknown VLAN Status
  ---------------- -------- ------------ ----------
  1                No       Learn        Up
  2                No       Learn        Up
  5                No       Learn        Up
  6                No       Learn        Up
  7                No       Learn        Up
  8                No       Learn        Up
  20               No       Learn        Up
  22               No       Learn        Up
  29               MACAUTH  Learn        Up
  41               No       Learn        Up
  43               No       Learn        Up
  A1               Tagged   Learn        Up

NB; the MAC was on port 29.

Just need to now test that the MAC on tagged 12 can communicate, AND,
the untagged MAC on the same port can also communicate still on VLAN 1.

Thank you again for your help :)

PS; And sorry again for my initial fast reply. It annoys me when people
*sigh* and point you to a page you've already read every word of very
closely.. We're not all lazy ;)

Andy

On Wed 07 Aug 2013 11:21:21 BST, Arran Cudbard-Bell wrote:
>
> On 7 Aug 2013, at 10:56, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
>
>> Works here just fine. Once you've created the correctly formatted value for the radius attribute FR displays it as an integer but whatever happens in the background the HP switch just "does its stuff"
>
> Yes the HP switch correctly parses the 4-byte octet string sent by the RADIUS server. There's no magic here, the RADIUS server does not communicate to the NAS that the value was once treated as an integer.
>
> I've already sent you a screenshot of the raw value off list, I'm not sure what else I can do to convince you that this is expected and non-magical behaviour.
>
> I'm honestly not entirely sure why the freeradius dictionary has the attribute as an unsigned int. Possibly for efficiency or for use with systems that already deal with VLAN IDs as native width integers (almost all interpreted languages use integers of a width >= 32bits by default).
>
>> Rgds
>> A
>>
>> Sent from my iPhone
>>
>> On 6 Aug 2013, at 00:39, Andy <andy at brandwatch.com> wrote:
>>
>>> Hello,
>>>
>>> This is my first post here so please excuse any missed etiquette.
>>>
>>> I have read through the wikis and googled a lot and not found anything.
>>>
>>> I have been trying to configure our switch ports (HP 2910al) with Tagged VLANs via Egress-VLANID and Egress-VLAN-Name.
>>>
>>> The Radius backend is OpenLDAP, and I have tried setting the data type in OpenLDAP to binary, UTF-8 and IA5, but no matter what I do, the value returned by RADIUS is the decimal equivalent of the HEX bit string I enter :(
>>>
>>> For example I'm trying to store and send 0x31000012 to indicate a tagged VLAN (0x31) on VLAN 12. But looking at freeradius -X output I can see it sending the decimal number, when the switch wants the bit string as it was stored, and hence throws an error!
>>>
>>> Is this a FreeRADIUS thing or an OpenLDAP data type thing?
>>>
>>> Any help and advice would be greatly appreciated as I'm stuck.
>>> Thanks in advance, Andy.
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
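
The point made in the thread, as an added example that is not part of the original messages or of FreeRADIUS itself: the unsigned integer the server displays and the 4-octet string the switch parses are the same bytes on the wire. The layout assumed is the RFC 4675 Egress-VLANID format (tag indication octet 0x31 tagged / 0x32 untagged, 12 zero pad bits, 12-bit VLAN ID); the function names and the 1..4094 range check are choices made for this sketch.

```python
import struct

TAGGED, UNTAGGED = 0x31, 0x32   # RFC 4675 Tag Indication octet
EGRESS_VLANID_TYPE = 56         # RFC 4675 attribute type for Egress-VLANID

def encode_egress_vlanid(vlan_id, tagged=True):
    """Return Egress-VLANID as the unsigned 32-bit integer the server displays."""
    if not 1 <= vlan_id <= 4094:            # usable 802.1Q VIDs (assumed check)
        raise ValueError("VLAN ID must be 1..4094")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id

def wire_value(value):
    """The 4 value octets in network byte order, as carried in the packet."""
    return struct.pack("!I", value)

def wire_attribute(value):
    """Full attribute as sent: type, length (2 header + 4 value = 6), value."""
    return bytes([EGRESS_VLANID_TYPE, 6]) + wire_value(value)

def decode_egress_vlanid(octets):
    """Parse the 4-octet value the way a NAS would: (is_tagged, vlan_id)."""
    if len(octets) != 4:
        raise ValueError("Egress-VLANID value must be exactly 4 octets")
    (value,) = struct.unpack("!I", octets)
    tag = value >> 24
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError("unknown tag indication 0x%02x" % tag)
    if value & 0x00FFF000:
        raise ValueError("pad bits must be zero")
    return tag == TAGGED, value & 0x0FFF

if __name__ == "__main__":
    v = encode_egress_vlanid(12, tagged=True)
    print("integer form :", v)                        # what debug output shows
    print("hex form     : 0x%08x" % v)
    print("value octets :", wire_value(v).hex(" "))   # what the switch receives
    print("attribute    :", wire_attribute(v).hex(" "))
    print("decoded      :", decode_egress_vlanid(wire_value(v)))
    # The low 12 bits are a binary field, so hex digits "012" mean VID 18.
    print("0x31000012   :", decode_egress_vlanid(bytes.fromhex("31000012")))
```
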