Use update control for VLAN with ntlm_auth

Alan DeKok aland at
Wed Oct 14 18:58:25 CEST 2015

On Oct 14, 2015, at 12:50 PM, Torsten Wilms <torsten at> wrote:
> I use free radius version 3.0.10 and the ntlm_auth for authenticate users via 802.1x over the AD
> Now i wan’t to setup switches with dynamic VLAN configuration.

  That should be simple.

> I tried to use in the authorize section unter default and inner-tunnel
> mschap
> if ( ok ) {

  That's wrong.  Don't check for "ok".  If authentication succeeds, the attributes will be sent back.  If authentication fails, an empty Access-Reject will be sent back.

> 	update control {

  That's wrong.  You want to send the attributes in the reply.  See "man unlang" for documentation.

> But no effect.

  Because it's wrong.

> Also i tried to use
> ...

  That's wrong, too.

> How can i use update control if ntlm_auth was successful?

  You don't.  You just update the reply.

 Alan DeKok.

More information about the Freeradius-Users mailing list