Hi
again,
here is more information about my problem, this is what I
get in the AP logs:
*Mar 3 21:42:07.767: RADIUS: Received from id 21646/105 IP:PORT,
Access-Challenge, len 78
*Mar 3 21:42:07.767: RADIUS: authenticator (HEX STRING) - (HEX STRING)
*Mar 3 21:42:07.767: RADIUS: Vendor, Cisco [26] 14
*Mar 3 21:42:07.767: RADIUS: Cisco AVpair [1] 8 "SSID_1"
*Mar 3 21:42:07.767: RADIUS: EAP-Message [79] 8
*Mar 3 21:42:07.768: RADIUS: (HEX STRING) [????? ]
*Mar 3 21:42:07.768: RADIUS: Message-Authenticato[80] 18 *
*Mar 3 21:42:07.768: RADIUS: State [24] 18
*Mar 3 21:42:07.769: RADIUS: (HEX STRING) [???V??? B?q?-]?m]
*Mar 3 21:42:07.769: RADIUS(00000152): Received from id 21646/105
*Mar 3 21:42:07.769: RADIUS/DECODE: parse VSA parts error
*Mar 3 21:42:07.769: RADIUS/DECODE: convert VSA string; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: cisco VSA type 1; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: VSA; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: decoder; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: attribute Vendor-Specific; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: parse response op decode; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: parse response; FAIL
*Mar 3 21:42:07.770 UTC: %DOT11-7-AUTH_FAILED: Station (MAC) Authentication failed
*Mar 3 21:42:41.126 UTC: %DOT11-7-AUTH_FAILED: Station (MAC) Authentication failed
*Mar 3 21:42:07.767: RADIUS: authenticator (HEX STRING) - (HEX STRING)
*Mar 3 21:42:07.767: RADIUS: Vendor, Cisco [26] 14
*Mar 3 21:42:07.767: RADIUS: Cisco AVpair [1] 8 "SSID_1"
*Mar 3 21:42:07.767: RADIUS: EAP-Message [79] 8
*Mar 3 21:42:07.768: RADIUS: (HEX STRING) [????? ]
*Mar 3 21:42:07.768: RADIUS: Message-Authenticato[80] 18 *
*Mar 3 21:42:07.768: RADIUS: State [24] 18
*Mar 3 21:42:07.769: RADIUS: (HEX STRING) [???V??? B?q?-]?m]
*Mar 3 21:42:07.769: RADIUS(00000152): Received from id 21646/105
*Mar 3 21:42:07.769: RADIUS/DECODE: parse VSA parts error
*Mar 3 21:42:07.769: RADIUS/DECODE: convert VSA string; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: cisco VSA type 1; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: VSA; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: decoder; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: attribute Vendor-Specific; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: parse response op decode; FAIL
*Mar 3 21:42:07.769: RADIUS/DECODE: parse response; FAIL
*Mar 3 21:42:07.770 UTC: %DOT11-7-AUTH_FAILED: Station (MAC) Authentication failed
*Mar 3 21:42:41.126 UTC: %DOT11-7-AUTH_FAILED: Station (MAC) Authentication failed
So, the problem is that the AP does not understand the
attribute... Anybody knows the right way to specify the VLAN or the
SSID?
Best
Regards,
Alejandro
______________________-----Mensaje original-----
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Alejandro Martínez Marcos
Enviado el: jueves, 27 de enero de 2005 12:29
Para: Freeradius-Users
Asunto: Reading VLAN from FreeRadius and sending it to Cisco APHello,I am trying to configure My Cisco 1100 AP to use different SSID's and VLAN's. There is a default SSID and the definite one must be given from freeradius as a result of the authentication process.As authentication is done with LDAP, I have modified ldap.attrmap to read the value, and I can see that, after the "Access Request", FreeRadius returns Cisco-AVPair="SSID_1":Sending Access-Challenge of id 103 to (MY IP):(XXXXX)Cisco-AVPair = "SSID_1"
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe9b4f1c300311251a7961f6ab94ad7fd
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...However, after this I can see in the AP "Authentication Failure", and nothing else happens in the server.I have read about VLANs tunneling or sth like that, but I don't uderstand it very well and I am afraid I need some more specific help. I hope somebody in this list can give me hand with this.Thanks in advance,Alejandro Martínez______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
puede contener informacion clasificada por su emisor como
confidencial en el marco de su Sistema de Gestion de Seguridad
de la Informacion siendo para uso exclusivo del destinatario,
quedando prohibida su divulgacion copia o distribucion a terceros
sin la autorizacion expresa del remitente. Si Vd. ha recibido este
mensaje erroneamente, se ruega lo notifique al remitente y proceda
a su borrado. Gracias por su colaboracion.
______________________
This e-mail message and any attached files are confidential
and are intended solely for the use of the addressee(s) named
above. If you are not the intended recipient or person responsible
for delivering this confidential communication to the intended
recipient, you have received this communication in error, and any
review, use, dissemination, forwarding, printing, copying, or other
distribution of this e-mail message and any attached files is strictly
prohibited. If you have received this confidential communication in error,
please notify the sender immediately by reply e-mail message and
permanently delete the original message.
______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
puede contener informacion clasificada por su emisor como
confidencial en el marco de su Sistema de Gestion de Seguridad
de la Informacion siendo para uso exclusivo del destinatario,
quedando prohibida su divulgacion copia o distribucion a terceros
sin la autorizacion expresa del remitente. Si Vd. ha recibido este
mensaje erroneamente, se ruega lo notifique al remitente y proceda
a su borrado. Gracias por su colaboracion.
______________________
This e-mail message and any attached files are confidential
and are intended solely for the use of the addressee(s) named
above. If you are not the intended recipient or person responsible
for delivering this confidential communication to the intended
recipient, you have received this communication in error, and any
review, use, dissemination, forwarding, printing, copying, or other
distribution of this e-mail message and any attached files is strictly
prohibited. If you have received this confidential communication in error,
please notify the sender immediately by reply e-mail message and
permanently delete the original message.
______________________