Hello everyone,
Some of the authentication requests are proxied and come back with a wrong vlan id. I try to rewrite the attribute Tunnel-Private-Group-Id, but I can't get it to work.
this is how answer from the proxy server on which the user is known looks like:
rad_recv: Access-Accept packet from host x.x.x.x:1812, id=1, length=83
Tunnel-Type:1 = VLAN:1
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "163"
User-Name = "[EMAIL PROTECTED]"
Proxy-State = 0x323036
I want the vlan to become 207 in stead of 163 so i did the following:
attr_rewrite changeVLAN {
attribute = "Tunnel-Private-Group-Id"
# also tried: attribute = "Tunnel-Private-Group-Id:1"
# but server says:
# rlm_attr_rewrite: No such attribute Tunnel-Private-Group-Id:1
# radiusd.conf[962]: changeVLAN: Module instantiation failed.
searchin = proxy_reply
searchfor = "161"
replacewith = "207"
}and in:
post-proxy {
changeVLAN
eap
}this is what the radiusd says:
modcall: entering group post-proxy for request 11
rlm_attr_rewrite: Could not find value pair for attribute Tunnel-Private-Group-Id
modcall[post-proxy]: module "changeVLAN" returns noop for request 11
TTLS: Passing reply from proxy back into the tunnel.
POST-AUTH 2
TTLS: Final reply from tunneled session code 2
Tunnel-Type:1 = VLAN:1
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "163"
User-Name = "[EMAIL PROTECTED]"
Proxy-State = 0x323138
I also tried:
Can someone give me a hint on how to configure this?
idealy I want to use a wildcard for the vlan id, replace "any vlan-id" with 207. is this possible? and how :)
regards Andree
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
