FR3.0.11 with ldap + 802.1x + dynamic Vlan assignment.
Vlad Kratsberg
vkratsberg at gmail.com
Wed Mar 9 22:44:47 CET 2016
Thanks Alan,
Setting use_tunneled_reply = yes solved the issue.
Interesting to note, that I didn't change this option in radius version
2.1.12 and access-accept still returned vlan and filter-id values.
On the other note, can you tell which attribute i could match in
access-request message in order to differentiate between 802.1x request and
lets say ssh login to network device ?
Thanks again,
Vlad
On Wed, Mar 9, 2016 at 4:07 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Mar 9, 2016, at 3:38 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> >
> > Correction regarding version 3.0.4:
> >
> > The correct output is in peap section, it keeps insisting on mschap
> after
> > performing the following change:
>
> The server can request GTC. The client can still choose MS-CHAP.
>
> > Using cached TLS configuration from previous invocation
> > # Linked to sub-module rlm_eap_peap
> > peap {
> > tls = "tls-common"
> > default_method = "mschapv2"
> > copy_request_to_tunnel = no
> > use_tunneled_reply = no
>
> You probably want to set this to "yes". That will cause the inner
> tunnel reply to be sent in the final Access-Accept
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list