Freeradius + Ldap - Authorise OK but NO dynamic VLANs

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Tue Aug 16 11:28:58 CEST 2016


Hi,

> I am trying to have dynamic VLAN assignment on Freeradius based on LDAP.
> The connection between Freeradius and LDAP works fine. If I test with a
> user I get the Authorise packet but not the dynamic VLAN assignment. We
> will be testing using this LDAP user:

how do you think you are doing the VLAN assignment?  what method are you trying to use for the
VLAN assignment?  pulling values out of LDAP?

> This is the received reply:
> radius at daloradius:~$ radtest -x ttester openldap localhost 1812 testing456
>      Sending Access-Request of id 30 to 127.0.0.1 port 1812
>         User-Name = "ttester"
>         User-Password = "openldap"
>         NAS-IP-Address = 127.0.1.1
>         NAS-Port = 1812
>         Message-Authenticator = 0x00000000000000000000000000000000
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=30,
> length=20

this is just a PAP request...so the request will only use the 'default'
virtual server in your case

> FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Feb 27
> 2015 at 12:38:34

obviously = old - upgrade

> This is an extract of the Freeradius debug:

which shows not a single sign of policy to set the VLAN

> My config files:
> 
> /etc/freeradius/modules/ldap : http://paste.ubuntu.com/23060929/

<snip> dont do that - either provide the 'radiusd -X' output, as requested as rules for
this list, or put the text here. dont expect others to go off looking at other web sites
for your config.

alan


More information about the Freeradius-Users mailing list