Hello, I'm running freeradius-0.9.3 to authenticate wifi users using an CISCO AP1100. I've set up a user called 'wifi1' on radius server with next parameters:
wifi1 Auth-Type := eap, User-Password == "open" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Filter-Id="161.out", Framed-IP-Address = 10.172.108.1 My PC win2000 client witch a CISCO aironet card succeed LEAP authentification, but it gets another DHCP IP adress than the one i wanted set up on radius server, thru the Framed-IP-Address . Here is the reply log when setting debug options: /usr/local/sbin/radiusd -A -X , .... modcall: group post-auth returns ok for request 2 Sending Access-Accept of id 252 to 10.172.250.9:1645 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 10.172.108.2 Cisco-AVPair += "leap:session-key=\207\330l\302\310\261\001\332\255dkCW\235\206\343e|o\010\3 52\007=W\273\273\266\377\367\352cV\334\032" EAP-Message = 0x0208002511010018b1ce76cdba9d58eaa89e6675f2216f4aad194abc68bb99967769666932 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 2 My CISCO AP is configured with: radius-server host 10.172.102.71 auth-port 1812 acct-port 1813 key 7 13061E010803 radius-server retransmit 3 radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req format %h radius-server authorization permit missing Service-Type radius-server vsa send accounting radius-server vsa send authentication access-list 161 deny tcp any host 10.172.102.1 eq telnet log I tried also a filter using access list 161, but it does not works too. Do you think it is Cisco AP that prevents getting radius attributes or did i miss something in freeradius conf ? Regards, --Bernard - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html