Hello!

I got my freeradius configuration to work for the following environment:
* The freeradius client is a wifi access point; wifi clients connect via WPA2-Enterprise / EAP-PEAP
* I'm still using test certificates
* The data backend is a MySQL store with a different table structure than the default. The queries that I've changed work correctly; this has been tested.
* My tests are done with a Linux wifi client using wpa_supplicant and KDE frontends

Now my goal is to tell the NAS to assign every wifi packet to a certain VLAN. I don't need dynamic assignment of VLANs based on usernames or anything else; one VLAN would be sufficient. The solution I found was to insert the following lines into the radgroupreply table (split up into the correct columns...):

Tunnel-Type = 13
Tunnel-Medium-Type = 6
Tunnel-Private-Group-Id = 10

After I made this entry, I hoped that it would work, but it didn't. There is no dialogue that contains such information. Below I pasted such a dialogue. Can you please help me find the problem and a working solution for it? I'm not sure if EAP/PEAP and tunnelling are working in the correct way...

Thank you!
Marten

rad_recv: Access-Request packet from host 172.20.160.40 port 32768, id=165, length=261
        User-Name = "marpap"
        NAS-IP-Address = 172.20.160.40
        NAS-Port = 0
        Called-Station-Id = "00-18-84-A2-7D-C5:ABH-Radiustest"
        Calling-Station-Id = "00-60-B3-63-4E-03"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x02a100601900170301002008e9b2a352735ed2407406268dd56051d9adc7798d3cda8b660c740ba3871bd6170301003042f11b790723eaeeed249cadbf49997f453b7806afe61b6a40af64c3995ecc43952584e4d7e221c4596e9479d56be47a
        State = 0x4135755949946c07b29c66b8d618b063
        Message-Authenticator = 0x9ab8793841a539e9a2086d12d79b2b38
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[eap] EAP packet type response id 161 length 96
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> marpap
[sql] sql_set_user escaped user --> 'marpap'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-30 17:54:46')
[sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-30 17:54:46')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-30 17:54:46')
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 165 to 172.20.160.40 port 32768
        MS-MPPE-Recv-Key = 0x63de979ef48495f1fe3db129c78383084c9d5661e2e14b85c89a4596e96756eb
        MS-MPPE-Send-Key = 0x010d4434923d42929b0d7d1b595e991391bf7c0ec6a70ee391591593fac04815
        EAP-Message = 0x03a10004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "marpap"
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.

gahn wrote:
> Thanks. Matteo:
>
> But I don't have this 192.168.1.29 in my network and I have not configured
> any NAS yet. It was just generic tests based on "radtest"...
>
> --- On Mon, 8/30/10, mat...@crs4.it <mat...@crs4.it> wrote:
>
>> From: mat...@crs4.it <mat...@crs4.it>
>> Subject: Re: radius newbie question
>> To: freeradius-users@lists.freeradius.org
>> Date: Monday, August 30, 2010, 10:33 AM
>> Hello gahn,
>> that's the IP address of an Access Point you're using to connect to
>> the network, or a switch, for example.
>> Matteo
>>
>> Quoting gahn <ipfr...@yahoo.com>:
>>
>>> Ok.
>>>
>>> now I started the server with "radiusd -X" and run
>>> "radtest testing password localhost 10 secret test123":
>>>
>>> bn_1# radtest testing password localhost 10 secret test123
>>> Sending Access-Request of id 158 to 127.0.0.1 port 1812
>>>         User-Name = "testing"
>>>         User-Password = "password"
>>>         NAS-IP-Address = 192.168.1.29
>>>         NAS-Port = 10
>>>         Framed-Protocol = PPP
>>> radclient: Failed to send packet for ID 158: (unknown error)
>>> Sending Access-Request of id 158 to 127.0.0.1 port 1812
>>>         User-Name = "testing"
>>>         User-Password = "password"
>>>         NAS-IP-Address = 192.168.1.29
>>>         NAS-Port = 10
>>>         Framed-Protocol = PPP
>>> radclient: Failed to send packet for ID 158: (unknown error)
>>> Sending Access-Request of id 158 to 127.0.0.1 port 1812
>>>         User-Name = "testing"
>>>         User-Password = "password"
>>>         NAS-IP-Address = 192.168.1.29
>>>         NAS-Port = 10
>>>         Framed-Protocol = PPP
>>> radclient: Failed to send packet for ID 158: (unknown error)
>>> radclient: no response from server for ID 158 socket 3
>>>
>>> but the server debug didn't show anything:
>>>
>>> Listening on authentication address * port 1812
>>> Listening on accounting address * port 1813
>>> Listening on command file /var/run/radiusd/radiusd.sock
>>> Listening on proxy address * port 1814
>>> Ready to process requests.
>>>
>>> where did that "NAS-IP-Address = 192.168.1.29" come from?
>>>
>>> Thanks in advance
>>>
>>> --- On Sat, 8/28/10, gahn <ipfr...@yahoo.com> wrote:
>>>
>>>> From: gahn <ipfr...@yahoo.com>
>>>> Subject: Re: radius newbie question
>>>> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
>>>> Date: Saturday, August 28, 2010, 11:56 AM
>>>> thanks.
>>>>
>>>> giraffe is the temp hostname (for now).. it is behind a dsl
>>>> link at this moment and this public address is listed in
>>>> ddns.
>>>>
>>>> once I pointed my /etc/resolv.conf to that ddns
>>>> provider, the "radtest" worked as it is designed.
>>>>
>>>> But why?
>>>>
>>>> --- On Sat, 8/28/10, Alan Buxey <a.l.m.bu...@lboro.ac.uk> wrote:
>>>>
>>>>> From: Alan Buxey <a.l.m.bu...@lboro.ac.uk>
>>>>> Subject: Re: radius newbie question
>>>>> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
>>>>> Date: Saturday, August 28, 2010, 11:46 AM
>>>>> Hi,
>>>>>
>>>>>> host# radtest testing password localhost 10 testing123
>>>>>> radclient:: Failed to find IP address for giraffe
>>>>>> radclient: Nothing to send.
>>>>>
>>>>> where does giraffe come from? what's in your /etc/resolv.conf?
>>>>>
>>>>> alan
>>>>> -
>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
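As an added example (not from the thread), a small Python checker for a radiusd -X transcript like Marten's above: it reports whether the sql module ran in the authorize section, which is where radgroupreply is read, and whether the final Access-Accept carries the three Tunnel-* attributes (Tunnel-Type 13 is VLAN and Tunnel-Medium-Type 6 is IEEE-802 per RFC 3580). The embedded sample log is a constructed, shortened copy of Marten's transcript, in which sql appears only in post-auth and the Access-Accept carries no Tunnel-* attributes, so both checks come back negative; the function name analyze and the dict keys are my own.

```python
import re

# RFC 3580 VLAN assignment needs all three of these in the Access-Accept.
TUNNEL_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")

# Constructed, shortened copy of the debug transcript in Marten's post above.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 172.20.160.40 port 32768, id=165, length=261
        User-Name = "marpap"
+- entering group authorize {...}
++[mschap] returns noop
++[eap] returns ok
+- entering group authenticate {...}
++[eap] returns ok
+- entering group post-auth {...}
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 165 to 172.20.160.40 port 32768
        EAP-Message = 0x03a10004
        User-Name = "marpap"
"""

def analyze(log):
    modules, reply, section, in_accept = {}, {}, None, False
    for line in log.splitlines():
        m = re.match(r"\+- entering group (\S+)", line)
        if m:                                # new section: authorize, post-auth, ...
            section, in_accept = m.group(1), False
            modules.setdefault(section, [])
            continue
        m = re.match(r"\+\+\[(\w+)\] returns", line)
        if m and section:                    # a module ran inside the current section
            modules[section].append(m.group(1))
            continue
        if line.startswith("Sending Access-Accept"):
            in_accept, section = True, None  # indented lines that follow are reply attrs
            continue
        m = re.match(r"\s+([\w-]+)(?::\d+)? = (.+)", line)   # drop any :tag suffix
        if m and in_accept:
            reply[m.group(1)] = m.group(2)
    tunnel = {a: reply.get(a) for a in TUNNEL_ATTRS}
    return {
        # radgroupreply is only consulted when sql runs in authorize, not in post-auth
        "sql_in_authorize": "sql" in modules.get("authorize", []),
        "sql_in_post_auth": "sql" in modules.get("post-auth", []),
        "tunnel_attrs_in_accept": all(tunnel.values()),
        # radiusd -X prints dictionary names: Tunnel-Type 13 -> VLAN, Medium-Type 6 -> IEEE-802
        "vlan_ok": tunnel["Tunnel-Type"] in ("VLAN", "13") and tunnel["Tunnel-Medium-Type"] in ("IEEE-802", "6"),
        "tunnel": tunnel,
    }
```

Run analyze() over the full debug output of a real session; a transcript where sql_in_authorize is True but the Access-Accept still lacks the Tunnel-* attributes points at the reply attributes being dropped after the inner PEAP authentication rather than at the SQL rows.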