[EMAIL PROTECTED] pisze:
But how to configure freeradius to work in this scenario:
- freeradius check if it has proper mac addres in its users.conf, if it
has it assign the proper vlan (it works !)
Yes.
- if it doesnt find a mac in a file it assign vlan for examle 15 (I dont
know how to configure that in freeradius)
You don't. You configure that on the switch - if mac is not
authenticated put the port into the guest VLAN.
You can do that in freeradius, but should avoid it (it will interfere
with other types of authentication):
DEFAULT Auth-Type = Accept
guest VLAN configuration
You would put that entry *after* all others in users file.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi I put thin on the end of users.conf
DEFAULT Auth-Type = Accept
Fall-Through = Yes,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-Id := 250,
Tunnel-Type = VLAN
But the resultis still the same, i've got this in debug
rad_recv: Access-Request packet from host 10.77.24.37:5002, id=129,
length=219
User-Name = "00-11-25-b8-df-42"
User-Password = "00-11-25-b8-df-42"
NAS-IP-Address = 10.77.24.37
NAS-Identifier = "001cc5b48702"
NAS-Port = 33587215
NAS-Port-Id = "unit=2;subslot=0;port=8;vlanid=15"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0011-25b8-df42"
Vendor-25506-Attr-26 = 0x0000018a
Vendor-25506-Attr-255 = 0x34353030
Vendor-25506-Attr-60 =
0x302e302e302e302030303a31313a32353a62383a64663a3432
Vendor-25506-Attr-59 = 0x38e68c62
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "00-11-25-b8-df-42", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 2
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
modcall[authenticate]: module "unix" returns notfound for request 2
modcall: leaving group authenticate (returns notfound) for request 2
auth: Failed to validate the user
Login incorrect: [00-11-25-b8-df-42] (from client admin-vlan-2 port
33587215 cli 0011-25b8-df42)
Delaying request 1 for 1 seconds
Please help
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
