Re: Problem with Cisco-AVPair

Thu, 06 Apr 2006 05:55:01 -0700

Hallo,
If I set Cisco-AVPair == "ssid=SSID1" in my user authentication, the authentication Fail with any ssid and user.
If I set Cisco-AVPair := "ssid=SSID1" my users are always authenticated.

Is there any other configuration to set in the radius or in the access point?

In my access request there is the AVPair attribute:

rad_recv: Access-Request packet from host 192.168.9.104:1645, id=19, length=166
      User-Name = "TEST4"
      Framed-MTU = 1400
      Called-Station-Id = "0012.dacb.8420"
      Calling-Station-Id = "000c.f135.f1ba"
      Cisco-AVPair = "ssid=VLAN3"
      Service-Type = Login-User
      Message-Authenticator = 0xb2a3f1fd52d9d6ff9702cc8f1f480f46
      EAP-Message = 0x020600060d00
      NAS-Port-Type = Wireless-802.11
      Cisco-NAS-Port = "260"
      NAS-Port = 260
      State = 0x0491685cf8ece3184d685dedfedbb3d4
      NAS-IP-Address = 192.168.9.104
      NAS-Identifier = "ap"


but I don't understand if it works...


Any idea?


Thanks


on 06/04/2006 11.39 Sergio Sagliocco said the following: 
Hi
I think you have to try in this way (for example):
TEST4 Cisco-AVPair == "ssid=SSID1" , Auth-Type := EAP
          Tunnel-Medium-Type = IEEE-802,
          Tunnel-Private-Group-Id = 2,
          Tunnel-Type = VLAN
DEFAULT Auth-Type := Reject

if uou want a password:
TEST4 Cisco-AVPair == "ssid=SSID1" ,User-Password="XXXX", Auth-Type := EAP
          Tunnel-Medium-Type = IEEE-802,
          Tunnel-Private-Group-Id = 2,
          Tunnel-Type = VLAN
DEFAULT Auth-Type := Reject

Regards
sergio

Antonio Matera wrote:
  
My goal is to have authenticate user only if the SSID is right!
You know how can I do it?

Thanks
Antonio

on 05/04/2006 17.33 Sergio Sagliocco said the following:
    
Hello
your goal is authenticate users only if the SSID is rght or to have
different EAP Authentication method based on SSID?

regards
sergio


Antonio Matera wrote:
  
      
Hallo,
thanks for the answer.

With your solution my radius don't authenticate my users....
Is my configuration correct or I need other change in my radius files?

Thanks bye

on 05/04/2006 15.27 Sergio Sagliocco said the following:
    
        
Hi
I think you have to use == instead of :=
For example:

DEFAULT Cisco-AVPair == "ssid=testLEAP"  ,  EAP-Type := Cisco-LEAP

Regards

  
      
          
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


    
        
  
      
------------------------------------------------------------------------

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
    

  

-- 

----------------------------------------------
Antonio Matera
CREATE-NET
Via Solteri, 38 - 38100 Trento
e-mail: [EMAIL PROTECTED]
phone: +39 0461 408400   ext. 305
fax: +39 0461 421157
www.create-net.org
----------------------------------------------
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to