Hello everyone,
Some of the authentication requests are proxied and come back with a wrong vlan id. I try to rewrite the attribute Tunnel-Private-Group-Id, but I can't get it to work.
this is how answer from the proxy server on which the user is known looks like:
rad_recv: Access-Accept packet from host x.x.x.x:1812, id=1, length=83 Tunnel-Type:1 = VLAN:1 Tunnel-Medium-Type:1 = IEEE-802 Tunnel-Private-Group-Id:1 = "163" User-Name = "[EMAIL PROTECTED]" Proxy-State = 0x323036
I want the vlan to become 207 in stead of 163 so i did the following:
attr_rewrite changeVLAN { attribute = "Tunnel-Private-Group-Id" # also tried: attribute = "Tunnel-Private-Group-Id:1" # but server says: # rlm_attr_rewrite: No such attribute Tunnel-Private-Group-Id:1 # radiusd.conf[962]: changeVLAN: Module instantiation failed. searchin = proxy_reply searchfor = "161" replacewith = "207" }
and in: post-proxy { changeVLAN eap }
this is what the radiusd says:
modcall: entering group post-proxy for request 11
rlm_attr_rewrite: Could not find value pair for attribute Tunnel-Private-Group-Id
modcall[post-proxy]: module "changeVLAN" returns noop for request 11
TTLS: Passing reply from proxy back into the tunnel.
POST-AUTH 2
TTLS: Final reply from tunneled session code 2
Tunnel-Type:1 = VLAN:1
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "163"
User-Name = "[EMAIL PROTECTED]"
Proxy-State = 0x323138
I also tried:
Can someone give me a hint on how to configure this?
idealy I want to use a wildcard for the vlan id, replace "any vlan-id" with 207. is this possible? and how :)
regards Andree
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html