Freeradius + Ldap - Authorise OK but NO dynamic VLANs

A.L.M.Buxey at A.L.M.Buxey at
Tue Aug 16 11:28:58 CEST 2016


> I am trying to have dynamic VLAN assignment on Freeradius based on LDAP.
> The connection between Freeradius and LDAP works fine. If I test with a
> user I get the Authorise packet but not the dynamic VLAN assignment. We
> will be testing using this LDAP user:

how do you think you are doing the VLAN assignment?  what method are you trying to use for the
VLAN assignment?  pulling values out of LDAP?

> This is the received reply:
> radius at daloradius:~$ radtest -x ttester openldap localhost 1812 testing456
>      Sending Access-Request of id 30 to port 1812
>         User-Name = "ttester"
>         User-Password = "openldap"
>         NAS-IP-Address =
>         NAS-Port = 1812
>         Message-Authenticator = 0x00000000000000000000000000000000
> rad_recv: Access-Accept packet from host port 1812, id=30,
> length=20

this is just a PAP the request will only use the 'default'
virtual server in your case

> FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Feb 27
> 2015 at 12:38:34

obviously = old - upgrade

> This is an extract of the Freeradius debug:

which shows not a single sign of policy to set the VLAN

> My config files:
> /etc/freeradius/modules/ldap :

<snip> dont do that - either provide the 'radiusd -X' output, as requested as rules for
this list, or put the text here. dont expect others to go off looking at other web sites
for your config.


More information about the Freeradius-Users mailing list