I've been bitten by whitespace stored in the backend of RADIUS. I use FreeRADIUS coupled with OpenLDAP. When I entered the policy into LDAP I mistakenly added a trailing space on the policy. Ergo, the policy would never match. Just a heads up....
Thanks, Lou Goddard Network Engineer 302-552-8053 [email protected] From: Michael Boschet <[email protected]> Sent: Wed, 3/2/2011 10:32am To: Enterasys Customer Mailing List <[email protected]> Subject: Re: [enterasys] C4110 + problems with PEAP/MSCHAPv2 Not necessarily. You can be authenticated by the RADIUS server, that is access is granted, but not have a correct policy. If there is no matching policy the traffic is discarded. I used to run into this problem all the time on the old standalone RoamAbout access points when someone would forget to put all the policies on a AP. Michael Boschet, Jr. Senior Network Systems Administrator Indiana Purdue Fort Wayne [email protected] Office: (260) 481-5747 >>> "Michael Baye" 03/01/11 1:39 PM >>> Hi, well, it is using the same policy for our "wireless users" as the Aruba controller. Also, I can see within the logs, that access is granted. So, this is obviously correct, isnĀ“t it? Michael Are you returning the appropriate attributes from your RADIUS server to select the correct policy? For example for a user in the Administrator policy we use Enterasys:version=1:policy=Administrator. Or for a Student Enterasys:version=1:policy=Student. The policy= has to match the policy you are have configured on your wireless controllers. --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
