FR3.0.11 with ldap + 802.1x + dynamic Vlan assignment.
Vlad Kratsberg
vkratsberg at gmail.com
Wed Mar 9 21:14:25 CET 2016
Hi Freeradius Users,
We are using FR3.0.11 and are trying to set up 802.1x authentication. We
are using eap-gtc inside peap.
Here is what was configured:
1. mods-available/ldap + symlink to mods-enabled/ldap
2. mods-enabled/eap
   a. EAP section: changed default_eap_type to peap
   b. PEAP section: changed default_eap_type to gtc
3. mods-config/files/authorize
   Added the following:

DEFAULT Ldap-Group == "juniper-admins"
        Service-Type = "Login-User",
        Idle-Timeout = 600,
        Juniper-Local-User-Name = "admin",
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 505,
        Filter-Id = "USERS-FILTER"

Here is the full debug:
http://pastebin.com/Lugmz3yc
The result:
LDAP works, the user gets authenticated, and an Access-Accept message is received;
however, the VLAN attributes and Filter-Id are not present in the Access-Accept.
Freeradius-2.1.12 version returns attributes just fine.
P.S.: The reason why I'm not using the available RPM FR_3.0.4 is because when
I perform change number 2.a. (EAP section) as described above, FreeRADIUS
doesn't recognize it and displays the default config:
================================================
# Loading module "eap" from file /etc/raddb/mods-enabled/eap
eap {
    default_eap_type = "mschapv2"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 16384
=================================================
I would appreciate any help or point in the right direction.
Thanks
Vlad
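
A check for the symptom described in the post, as an added example that is not part of the original message or of FreeRADIUS: it scans `radiusd -X` debug text for each sent Access-Accept and lists which reply attributes from the users-file entry are missing. The sample log lines are constructed, and the debug layout the regular expressions expect is an assumption to adjust against real output.

```python
import re

# Reply attributes from the users-file entry quoted in the post.
EXPECTED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": "505", "Filter-Id": "USERS-FILTER"}

SENT_RE = re.compile(r"^\((\d+)\)\s+Sent (\S+) Id \d+")
# Tagged tunnel attributes may print with a ":<tag>" suffix, e.g. "Tunnel-Type:0".
ATTR_RE = re.compile(r"^\((\d+)\)\s+([A-Za-z0-9-]+)(?::\d+)? = (.*)$")

# Constructed sample in the style of "radiusd -X" output (not from the pastebin).
SAMPLE = """\
(8) Sent Access-Challenge Id 11 from 192.0.2.1:1812 to 192.0.2.10:49152 length 0
(8)   EAP-Message = 0x0109002b1900
(9) Sent Access-Accept Id 12 from 192.0.2.1:1812 to 192.0.2.10:49152 length 0
(9)   User-Name = "testuser"
(9)   EAP-Message = 0x03090004
(9) Finished request
(10) Sent Access-Accept Id 13 from 192.0.2.1:1812 to 192.0.2.10:49152 length 0
(10)   Tunnel-Type:0 = VLAN
(10)   Tunnel-Medium-Type:0 = IEEE-802
(10)   Tunnel-Private-Group-Id:0 = "505"
(10)   Filter-Id = "USERS-FILTER"
(10) Finished request
"""

def sent_packets(debug_text):
    """Yield (request_no, packet_type, attrs) for every packet the server sent."""
    current = None
    for line in debug_text.splitlines():
        sent, attr = SENT_RE.match(line), ATTR_RE.match(line)
        if sent:
            if current:
                yield current
            current = (int(sent.group(1)), sent.group(2), {})
        elif current and attr and int(attr.group(1)) == current[0]:
            # Attribute names are compared case-insensitively (…-ID vs …-Id).
            current[2][attr.group(2).lower()] = attr.group(3).strip().strip('"')
        elif current:
            yield current
            current = None
    if current:
        yield current

def missing_reply_attrs(debug_text, expected=EXPECTED):
    """Map request number -> expected attributes absent or wrong in each Access-Accept."""
    return {req: sorted(k for k, v in expected.items() if attrs.get(k.lower()) != v)
            for req, ptype, attrs in sent_packets(debug_text)
            if ptype == "Access-Accept"}
```

Calling `missing_reply_attrs()` on saved debug output returns an empty list for every Access-Accept that carries the full VLAN assignment, so any non-empty list points at the request number to inspect.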