How to force tunnel-xx information in access-accept packet ?
mcn4 at leicester.ac.uk
Thu Nov 19 13:44:51 CET 2015
On Thu, Nov 19, 2015 at 08:59:09AM +0000, Michel_Monchatre at dell.com wrote:
> I'm using version freeradius2-2.1.12-5.el5 ( on CentOS 511)
> with a Dell Networking Switch model N3024, and I want to assign
> the users in specific Vlans based on EAP authentication.
That version is very old. You should really upgrade to at least
the latest 2.2 version (but v2 is end of life now).
> If the user's PC is authenticated with its MAC address ( MAB
> option on the switch) , there are very few Radius Packet
> exchange and the final access-accept packet contains correctly
> the Tunnel-Private-Group-ID, tunnel-Type and Tunnel-Medium-type
> But when I want to authenticate the users ( using login and
> paswsord ), there are a lot of access-challenge packet and the
> final access-accept packet does not contain anymore the
> tunnel-Private-group-id, etc informations.
> Is there a way to force freeradius to include again the missing
> information in the Access-accept packet ?
Many ways. It depends on where you want to get the information
from, for example. Where does the existing data for MAC auth come
from? The users file? A database?
> Which file(s) need to be modify and how ?
Depends on the above. Could be the users file for the simplest
You should send debug output (radiusd -X) for a working example and
one that doesn't work at least so we have some idea on what you're
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users