Freeradius and Unifi Vlan

Gabriel Ozaki gabriel.ozaki at kemi.com.br
Thu Nov 10 13:54:31 CET 2016


You are correct, now is working fine

Thanks





2016-11-10 10:47 GMT-02:00 Brian Candler <b.candler at pobox.com>:

> On 10/11/2016 12:02, Gabriel Ozaki wrote:
>
>> But unifi still using vlan 1, is possible the unifi is not receiving the
>> Tunnel information?
>>
>
> Look carefully at the end of your debug output:
>
> (9) Login OK: [kemi/<via Auth-Type = eap>] (from client private-network-1
> port 0 cli F8-2F-A8-F5-12-97)
> (9) Sent Access-Accept Id 40 from 192.168.3.1:1812 to 192.168.3.190:49091
> length 0
> (9)   MS-MPPE-Recv-Key = 0x9cef482e0e294db32ca069d27b9a
> 4b1605896ae638b2d845ffd593d7fc00777e
> (9)   MS-MPPE-Send-Key = 0xd010d975e1b595af9f1c04a1ad0e
> 07d22213f62823948c425fc21bfb18c16b5e
> (9)   EAP-Message = 0x033a0004
> (9)   Message-Authenticator = 0x00000000000000000000000000000000
> (9)   User-Name = "kemi"
> (9) Finished request
>
> The final reply doesn't include those attributes; the inner tunnel auth
> has them, but they don't appear in the outer session. You need to set:
>
> use_tunneled_reply = yes
>
> Similarly, if in your inner tunnel logic you want to make use of
> attributes in the request (such as Called-Station-ID to see which SSID the
> client is connecting to), you need:
>
> copy_request_to_tunnel = yes
>
> These settings are in mods-available/eap
>
> Regards,
>
> Brian.
>
>


More information about the Freeradius-Users mailing list