How to force tunnel-xx information in access-accept packet ?

Matthew Newton mcn4 at
Thu Nov 19 13:44:51 CET 2015

On Thu, Nov 19, 2015 at 08:59:09AM +0000, Michel_Monchatre at wrote:
> I'm using version  freeradius2-2.1.12-5.el5  ( on CentOS 511)
> with a Dell Networking Switch model N3024, and I want to assign
> the users in specific Vlans based on EAP authentication.

That version is very old. You should really upgrade to at least
the latest 2.2 version (but v2 is end of life now).

> If the user's PC is authenticated with its MAC address ( MAB
> option on the switch) , there are very few Radius Packet
> exchange and the final access-accept packet contains correctly
> the Tunnel-Private-Group-ID, tunnel-Type and Tunnel-Medium-type
> informations


> But when I want to authenticate the users ( using login and
> paswsord ), there are a lot of access-challenge packet and the
> final access-accept packet does not contain anymore the
> tunnel-Private-group-id, etc  informations.
> Is there a way to force freeradius to include again the missing
> information in the Access-accept packet ?

Many ways. It depends on where you want to get the information
from, for example. Where does the existing data for MAC auth come
from? The users file? A database?

> Which file(s) need to be modify and how  ?

Depends on the above. Could be the users file for the simplest

You should send debug output (radiusd -X) for a working example and
one that doesn't work at least so we have some idea on what you're


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list