Freeradius dot1x dynamic vlan
Alan DeKok
aland at deployingradius.com
Fri Sep 28 16:25:54 CEST 2018
On Sep 28, 2018, at 9:59 AM, Heikki Lavaste <heikki.lavaste at hotmail.com> wrote:
> What I'm trying to do is to get freeradius to return the vlan for authenticated user.
> User does get authenticated but no vlan is returned. If I add
>
> update reply {
>     &Tunnel-Medium-Type := "IEEE-802"
>     &Tunnel-Type := "VLAN"
>     &Tunnel-Private-Group-Id := "100"
> }
>
> everything works. Is there a way of just returning what is listed under the user?
Yes. That's the default.
> Fri Sep 28 14:54:29 2018 : Debug: Server was built with:
Please don't use "radiusd -Xx". Follow the documentation:
https://wiki.feeradius.org/list-help/
> Fri Sep 28 14:54:44 2018 : Debug: (8) eap_peap: Got tunneled reply code 11
> Fri Sep 28 14:54:44 2018 : Debug: (8) eap_peap: Service-Type = Framed-User
> Fri Sep 28 14:54:44 2018 : Debug: (8) eap_peap: Tunnel-Type = VLAN
> Fri Sep 28 14:54:44 2018 : Debug: (8) eap_peap: Tunnel-Medium-Type = IEEE-802
> Fri Sep 28 14:54:44 2018 : Debug: (8) eap_peap: Tunnel-Private-Group-Id = "100"
Which has the VLAN. But it's for the *inner-tunnel*.
> ...
> Fri Sep 28 14:54:44 2018 : Debug: (10) Sent Access-Accept Id 167 from 10.24.28.195:1812 to 172.28.14.103:58252 length 0
> Fri Sep 28 14:54:44 2018 : Debug: (10) MS-MPPE-Recv-Key = 0xffaaaefd3eda2dd4fbc9bf2df8a2697548ba63f8eb4f4f119d2f51be40cd093d
> Fri Sep 28 14:54:44 2018 : Debug: (10) MS-MPPE-Send-Key = 0x0fb34fe01b9d953baf5787a9587b074d9d89c6dd5d8c0ada12fec1147efa412b
> Fri Sep 28 14:54:44 2018 : Debug: (10) EAP-Message = 0x030b0004
> Fri Sep 28 14:54:44 2018 : Debug: (10) Message-Authenticator = 0x00000000000000000000000000000000
> Fri Sep 28 14:54:44 2018 : Debug: (10) User-Name = "heikki"
Which is a different packet - (10), not (8).
Read mods-available/eap. See the "peap" subsection. And then "use_tunneled_reply".
Alan DeKok.
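
Added example, not part of the original message or of FreeRADIUS itself: a small Python check for the situation described above, where the VLAN attributes show up in the eap_peap tunneled reply (request 8) but not in the Access-Accept sent to the NAS (request 10). The sample log is constructed in the format of the quoted debug output, the function names are hypothetical, and the log is assumed to cover a single authentication.

```python
import re

# Constructed sample in the format of the debug output quoted in the thread.
SAMPLE_LOG = """\
Debug: (8) eap_peap: Got tunneled reply code 11
Debug: (8) eap_peap:   Service-Type = Framed-User
Debug: (8) eap_peap:   Tunnel-Type = VLAN
Debug: (8) eap_peap:   Tunnel-Medium-Type = IEEE-802
Debug: (8) eap_peap:   Tunnel-Private-Group-Id = "100"
Debug: (10) Sent Access-Accept Id 167 from 10.24.28.195:1812 to 172.28.14.103:58252 length 0
Debug: (10)   EAP-Message = 0x030b0004
Debug: (10)   User-Name = "heikki"
"""

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
# Matches "(8) eap_peap: Tunnel-Type = VLAN" or "(10) User-Name = ..." after any prefix.
LINE = re.compile(r"\((\d+)\)\s+(eap_peap:\s+)?(.*)$")
ATTR = re.compile(r"^&?([A-Za-z][\w-]*)\s*=\s*(.+)$")


def parse_replies(log):
    """Return (inner, outer): attributes of the PEAP tunneled reply and of
    the Access-Accept actually sent to the NAS."""
    inner, outer, accept_id, in_reply = {}, {}, None, False
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        req, in_peap, rest = m.group(1), m.group(2), m.group(3).strip()
        if rest.startswith("Sent Access-Accept"):
            accept_id, outer = req, {}       # outer reply starts here
        elif in_peap and rest.startswith("Got tunneled"):
            in_reply = rest.startswith("Got tunneled reply")
        elif (a := ATTR.match(rest)):
            value = a.group(2).strip('"')
            if in_peap and in_reply:
                inner[a.group(1)] = value    # inner-tunnel reply attribute
            elif not in_peap and req == accept_id:
                outer[a.group(1)] = value    # attribute the NAS receives
    return inner, outer


def vlan_lost_in_tunnel(log):
    """VLAN attributes set in the inner tunnel but absent from the Access-Accept."""
    inner, outer = parse_replies(log)
    return {k: inner[k] for k in VLAN_ATTRS if k in inner and k not in outer}


if __name__ == "__main__":
    print(vlan_lost_in_tunnel(SAMPLE_LOG))
```

A non-empty result means the VLAN assignment stayed in the inner tunnel and never reached the NAS.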