Hi list, We are running FreeRADIUS 2.16 (sparc-sun-solaris2.10) and we are are seing some unexpected results, the following is snippets of configuration followed by debug output...
# entry in huntgroups > dot1x-allowed NAS-IP-Address == 192.168.0.1 # only entries in users file... > DEFAULT Service-Type == Framed-User, Huntgroup-Name == "dot1x-allowed" > Service-Type = Framed-User, > Tunnel-Type = "VLAN", > Tunnel-Medium-Type = "IEEE-802", > Fall-Through = Yes > > DEFAULT Ldap-Group == "somegroup" > Reply-Message = "Welcome, you are in the somegroup group" # radiusd -X debug... > Login OK: [username] (from client 192.168.0.1 port 50122 cli > 00-24-21-9A-C6-68) > +- entering group post-auth {...} > ++[exec] returns noop > ++? if ((Huntgroup-Name == "dot1x-allowed") && (Service-Type == Framed-User)) > ?? Evaluating (Huntgroup-Name == "dot1x-allowed") -> TRUE > ?? Evaluating (Service-Type == Framed-User) -> TRUE > ++? if ((Huntgroup-Name == "dot1x-allowed") && (Service-Type == Framed-User)) > -> TRUE > ++- entering if ((Huntgroup-Name == "dot1x-allowed") && (Service-Type == > Framed-User)) {...} > +++? if ((!reply:Tmp-String-0) || (reply:Tmp-String-0 == "")) > ?? Evaluating !(reply:Tmp-String-0) -> FALSE > ?? Evaluating (reply:Tmp-String-0 == "") -> FALSE > +++? if ((!reply:Tmp-String-0) || (reply:Tmp-String-0 == "")) -> FALSE > +++- entering else else {...} > expand: %{reply:Tmp-String-0} -> admin > ++++[reply] returns noop > +++- else else returns noop > ++- if ((Huntgroup-Name == "dot1x-allowed") && (Service-Type == Framed-User)) > returns noop > Sending Access-Accept of id 207 to 192.168.0.1 port 1645 > Reply-Message = "Welcome, you are in the group" > User-Name = "username" > MS-MPPE-Recv-Key = > 0xb46d59aaee8c0eb2a1920ae89f45a117335310a4de90c3ae2c9865293033491f > MS-MPPE-Send-Key = > 0xeb4263c8dc5e281bac5fbc263761a78cf69254c11c3e9f139b98f3a04c38d7ec > EAP-Message = 0x03490004 > Message-Authenticator = 0x00000000000000000000000000000000 > Tunnel-Private-Group-Id:0 = "admin" > Finished request 9. > Going to the next request The question is... why am I not getting the Service-Type, Tunnel-Type and Tunnel-Medium-Type values being sent back in the access accept packet? If you need any further debug/info let me know. Thanks Steve -- Steven Carr Systems Development Officer SLS/ITS/Systems - (0191) 515 3953
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html