Hi,
I am trying to assign different VLANs based on realms.
I use rlm_attr_filter and attrs file to acomplish
this.
I have done the following setting in attrs file
labtest.de
Tunnel-Type:1 := VLAN
Tunnel-Medium-Type:1 := IEEE-802
Tunnel-Private-Group-Id:1 := "labtest"
it works perfectly and I receive access accept from
radius server
with following message sent to my NAS
rad_check_password: Auth-Type = Accept, accepting the
user
Sending Access-Accept of id 22 to 129.69.1.50:1812
Tunnel-Type:1 := VLAN
Tunnel-Medium-Type:1 := IEEE-802
Tunnel-Private-Group-Id:1 := "labtest"
but the NAS which is cisco Catalyst 2970 switch
doesn't open the port. Additionally It doesn't
understand the Tunnel attributes.
But when I try for a local user defined in users file
testuser User-Password =="test"
Tunnel-Type:1 = VLAN,
Tunnel-Medium-Type:1 =IEEE-802,
Tunnel-Private-Group-Id:1 = labtest
I see this message in radius debug mode
Sending Access-Accept of id 29 to 129.69.1.50:1812
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "labtest"
MS-MPPE-Recv-Key =
0x82d2b417e4803da1402b6b6e09ea33d9a17e7831ab9f4e72168f71e35948c625
MS-MPPE-Send-Key =
0x0f4e0d86d24e2ae90704293d7f1d4e780e5d7fd506339548117e239582d2e91f
EAP-Message = 0x03060004
Message-Authenticator =
0x00000000000000000000000000000000
User-Name = "testuser"
now the only difference I see when Tunnel attributes
are passed to NAS is the operators ":=" for realm and
"=" for local user.
Can any body suggest that what is wrong with my
settings to make attr_filter work fine with post proxy
or I have done something wrong in my settings.
I will be very thankful.
Regards,
Raza.
__________________________________
Do you Yahoo!?
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
