Hello Rui,
> As for the VLAN attribution wether the user is a roaming user (i.e. goes to a
> proxy to be authenticated), I have done several tries, without sucess.
> Haven't managed to do it through the users file above;my last attemp was
> trying to setting them up in the /etc/freeradius/attrs file with
> attr_filter.post-proxy, however it seems to interfere with the AEP/password
> negotiation. The setup is as follows, and I would like to ask for an
> alternative of where to insert the roaming VLAN.
>
> post-proxy {
> post_proxy_log
> attr_filter.post-proxy # here <---------------------------
> Post-Proxy-Type Fail {
> detail
> }
> }
The attr_filter module only controls what to strip out of the incoming
reply, it can not be used to add new attributes. What you specified in
the file:
> Tunnel-Type := "VLAN",
> Tunnel-Medium-Type := "IEEE-802",
> Tunnel-Private-Group-Id := "216",
means: "Only leave these attributes in the reply packet if they have
exactly these values, otherwise strip them out". That is obviously not
what you want.
The solution is rather simple with unlang:
post-proxy {
post_proxy_log
update reply {
Tunnel-Type := "VLAN"
Tunnel-Medium-Type := "IEEE-802"
Tunnel-Private-Group-Id := "216"
}
Post-Proxy-Type Fail {
detail
}
}
(syntax is "free-handed", you should try this on a testing server first)
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
