Hi, We're having a bit of a problem with FreeRADIUS not always including VLAN information in access-accept packets; I've not been able as yet to establish what the cause is so I thought I'd throw it out to the list if there's something others have come across. Needless to say our testing through the summer had not highlighted this issue, but now we have 3000 students trying to connect it's become apparent.
A bit of info, we're seeing this issue in both FR 2.1.1 and 2.1.7, and our NASes are Cisco WiSM. Users' VLAN info is stored in the SQL usergroup table. I have an sql.athorize statement in the Post-Auth section of both the default (outer), and inner-tunnel conf files. Initially I thought it was only clients with an anonymised outer identity that were having this issue, which seemed plausible as the sql.athourize in default would see the outer and fail to find it in sql (though wouldn't explain why it works sometimes); but it appears not to just these users, as we're now seeing users who are not using anon outers having the same issue. Another thought was that fast-reauth could be the issue, in that somehow a fast-reauth request was not doing a Post-Auth sql.authorize and therefore not sending back the VLAN info? I fully expect it's a config issue, but any insight would be gratefully received. Currently I do not have CCKM enabled on the controllers, but for some time I have been considering enabling this to take some load off RADIUS, and also wondered if it would help this current problem. Is there anything to be wary of with CCKM? Many thanks, Jezz Palmer. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html