update : Re: Authentication on the basis of circuit id and not mac address

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Mar 10 19:26:31 CET 2014

On 10 Mar 2014, at 17:35, Mahima Kumar <mahima at ualberta.ca> wrote:

> Hello Alan,
> Thanks for your reply.
> To be more specific i can tell you my scenario.
> client---switch---alcatel(dhcp relay agent)---freeradius and dhcp server
> The dhcp relay agent is generating a circuit id which i can see in the
> debug output, it is a hex string beginning from 0x as well as the dhcp
> agent remote id is visible as a hex string.

If you're using a recent version of FreeRADIUS you can use 
%{debug_attr:<attribute>} to see all the possible ways the attribute
could be decoded.

The reason why it's hex is because it's supposedly a binary/opaque string
with no fixed encoding.

If you want to try decoding it as an ASCII string use %{string:<attribute>}.

If it decodes to something meaningful, assign that to an attribute or use
it as a key in the users file or SQL.

> Now i am putting the username
> format in the alcatel as mac address and i have no problem in
> authenticating the client from the radius server on the basis of mac
> address and dhcp server is giving ip address to the client. But my goal is
> to authenticate my client on the basis of this circuit id which is being
> generated by the alcatel dhcp relay agent , and hence provide ip address to
> the client on from the dhcp server. As i change the username format to
> circuit-id in the alcatel relay agent, the authentication fails as the
> debug output in alcatel shows the username format implies circuit-id.
> I am actually implementing the Alcatel Triple Play ESM scenario(alcatel
> also has IES and VPLS running on it),

Oh dear. My condolences.


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140310/6da95f9e/attachment.pgp>

More information about the Freeradius-Users mailing list