FR3.0.11 with ldap + 802.1x + dynamic Vlan assignment.

Vlad Kratsberg vkratsberg at gmail.com
Wed Mar 9 22:44:47 CET 2016


Thanks Alan,

Setting use_tunneled_reply = yes solved the issue.

Interesting to note that I didn't change this option in radius version
2.1.12 and access-accept still returned vlan and filter-id values.

On another note, can you tell me which attribute I could match in the
access-request message in order to differentiate between an 802.1x request
and, let's say, an ssh login to a network device?

Thanks again,
Vlad

On Wed, Mar 9, 2016 at 4:07 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Mar 9, 2016, at 3:38 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> >
> > Correction regarding version 3.0.4:
> >
> > The correct output is in peap section, it keeps insisting on mschap after
> > performing the following change:
>
>   The server can request GTC.  The client can still choose MS-CHAP.
>
> > Using cached TLS configuration from previous invocation
> >   # Linked to sub-module rlm_eap_peap
> >   peap {
> >    tls = "tls-common"
> >    default_method = "mschapv2"
> >    copy_request_to_tunnel = no
> >    use_tunneled_reply = no
>
>   You probably want to set this to "yes".  That will cause the inner
> tunnel reply to be sent in the final Access-Accept.
>
>   Alan DeKok.
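The change discussed in this thread, as an added configuration sketch that is not part of the original messages or of the poster's actual files: the peap section with the setting Alan recommends, next to an inner-tunnel post-auth block that sets the VLAN and Filter-Id reply attributes. The file locations are the stock FreeRADIUS 3.0 layout; the VLAN ID "120" and filter name "staff-acl" are constructed sample values.

```text
# raddb/mods-available/eap  (stock 3.0 layout, assumed)
eap {
    peap {
        tls = tls-common
        default_method = mschapv2
        copy_request_to_tunnel = no

        # Was "no" in the debug output quoted above. With "no", reply
        # attributes set inside the tunnel stay in the inner session and
        # the outer Access-Accept goes to the switch without them.
        use_tunneled_reply = yes

        virtual_server = "inner-tunnel"
    }
}

# raddb/sites-available/inner-tunnel  (stock 3.0 layout, assumed)
server inner-tunnel {
    post-auth {
        # Reply attributes for dynamic VLAN assignment. The values are
        # constructed samples; in a real deployment they would come from
        # the user's directory entry or group membership.
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "120"
            Filter-Id := "staff-acl"
        }
    }
}
```

Running the server with `radiusd -X` and checking that the final Access-Accept lists the Tunnel-* and Filter-Id attributes confirms that the inner reply reached the outer packet.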