How to force tunnel-xx information in access-accept packet ?

Michel_Monchatre at dell.com Michel_Monchatre at dell.com
Mon Dec 14 22:04:30 CET 2015


Hi



Forget my question, I finally have it working, I just had to comment the following line “return = ok” in the default file located in sites-available :



[cid:image001.jpg at 01D136BB.667F5460]



Best regards



Michel



-----Original Message-----
From: Monchatre, Michel
Sent: lundi 14 décembre 2015 20:06
To: freeradius-users at lists.freeradius.org
Subject: RE: How to force tunnel-xx information in access-accept packet ?



Hi



Here I am again, sorry for the delay...



I have now installed Freeradius 3.0.3 on CentOS 7.0 and got the same problem: the access-accept packet does not include anymore the tunnel-Private-group-id information...



Does anyone have an idea to force freeradius to include the vlan information in the access-accept packet ?



Many thanks in advance for your answers



/Michel









-----Original Message-----

From: Freeradius-Users [mailto:freeradius-users-bounces+michel_monchatre=dell.com at lists.freeradius.org] On Behalf Of Monchatre, Michel

Sent: lundi 23 novembre 2015 07:38

To: freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>

Subject: RE: How to force tunnel-xx information in access-accept packet ?



Hi Matthew



Thanks for your answer,



I'll then install an up-to-date Linux OS with an up-to-date freeradius version and let you know about the results asap ..



Best regards



Michel





-----Original Message-----

From: Freeradius-Users [mailto:freeradius-users-bounces+michel_monchatre=dell.com at lists.freeradius.org] On Behalf Of Matthew Newton

Sent: jeudi 19 novembre 2015 13:45

To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>>

Subject: Re: How to force tunnel-xx information in access-accept packet ?



On Thu, Nov 19, 2015 at 08:59:09AM +0000, Michel_Monchatre at dell.com<mailto:Michel_Monchatre at dell.com> wrote:

> I'm using version  freeradius2-2.1.12-5.el5  ( on CentOS 511) with a

> Dell Networking Switch model N3024, and I want to assign the users in

> specific Vlans based on EAP authentication.



That version is very old. You should really upgrade to at least the latest 2.2 version (but v2 is end of life now).



> If the user's PC is authenticated with its MAC address ( MAB option on

> the switch) , there are very few Radius Packet exchange and the final

> access-accept packet contains correctly the Tunnel-Private-Group-ID,

> tunnel-Type and Tunnel-Medium-type informations



OK.



> But when I want to authenticate the users ( using login and paswsord

> ), there are a lot of access-challenge packet and the final

> access-accept packet does not contain anymore the

> tunnel-Private-group-id, etc  informations.

>

> Is there a way to force freeradius to include again the missing

> information in the Access-accept packet ?



Many ways. It depends on where you want to get the information from, for example. Where does the existing data for MAC auth come from? The users file? A database?



> Which file(s) need to be modify and how  ?



Depends on the above. Could be the users file for the simplest option.



You should send debug output (radiusd -X) for a working example and one that doesn't work at least so we have some idea on what you're doing.



Matthew





--

Matthew Newton, Ph.D. <mcn4 at le.ac.uk<mailto:mcn4 at le.ac.uk>>



Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom



For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk<mailto:ithelp at le.ac.uk>>

-

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dell S.A, Siège Social 1 rond point Benjamin Franklin 34000 Montpellier.

Capital 1,782,769 Euros, 351 528 229 RCS Montpellier –APE 4651Z -TVA Intracommunautaire FR 20 351 528 229. SIRET 351 528 229 00096



-

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dell S.A, Siège Social 1 rond point Benjamin Franklin 34000 Montpellier.
Capital 1,782,769 Euros, 351 528 229 RCS Montpellier –APE 4651Z -TVA Intracommunautaire FR 20 351 528 229. SIRET 351 528 229 00096


More information about the Freeradius-Users mailing list