User + Device Authentication to Specific Network

Duncan X Simpson virtualdxs at
Mon Jun 10 16:59:01 CEST 2019

On Sun, Jun 9, 2019 at 11:45 PM Alan DeKok <aland at>
> On Jun 10, 2019, at 1:20 AM, Duncan X Simpson <virtualdxs at>
> > Thank you for the help! I seem to almost have it working, but I've run
into one problem: Attributes don't seem to be expanding. I have the
following in my post-auth section for testing:
> >
> >         update reply {
> >                 Unix-FTP-Shell := "%{Calling-Station-Id}"
> >         }
> >
> > Every time, Unix-FTP-Shell is set, but it's set to "":
>   Read the *rest* of the debug output.  Is there a Calling-Station-Id in
the incoming packet?

Yep, I double checked that. I was worried that case could be a problem, or
a typo, but it's there:

        (10) Received Access-Request Id 165 from to length 261
        (10)   User-Name = "duncan"
        (10)   NAS-Identifier = "802AA8834B4728077AE8"
        (10)   Called-Station-Id = "A2-2A-A8-85-4B-47:802.1X test"
        (10)   NAS-Port-Type = Wireless-802.11
        (10)   Service-Type = Framed-User
        (10)   Calling-Station-Id = "10-98-C3-A9-2C-D4"

>   In the reply.  NOT in the request.  See "man unlang" for how to access
the different lists.

Thanks for this tip. I was able to successfully expand Tunnel-Type after
reviewing that.

>   Post the WHOLE debug output, and let someone else explain it.

>   But odds are that the Service-Type attribute isn't in the request.
There isn't a lot that can go wrong here.

See above.

More information about the Freeradius-Users mailing list