Hello!
I configured freeradius to authenticate my WLAN Clients over Active
Directory. Depending on the Group Membership. Also i configured multiple
SSIDs on my WLAN switch, so a client request in freeradis debug output
includes the following Attributes:
rad_recv: Access-Request packet from host 172.21.254.100 port 32775,
id=40, length=402
Acct-Multi-Session-Id =
"00-0F-61-50-B7-B0-00-21-5C-40-BD-77-4C-6B-A5-8B-00-04-72-98"
Acct-Session-Id = "4295d4b3-00000118"
NAS-Port = 275
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "msm710"
NAS-IP-Address = 172.21.254.101
Framed-MTU = 1496
User-Name = "myDomain\\myUser"
Calling-Station-Id = "00-21-5C-40-BD-77"
Called-Station-Id = "00-0F-61-50-B7-B0"
Service-Type = Framed-User
EAP-Message =
0x0277002d1900170301002293ed3bcfbb751eb66e4c737a442b8a2cf55f4a7812bfc8829d4a00049e221bce4309
State = 0x50052ead557237c49cf458a2fbedd583
Colubris-AVPair = "ssid=guest-wlan"
Colubris-AVPair = "incoming-vlan-id=152"
Colubris-AVPair = "group=internal"
Colubris-AVPair = "vsc-unique-id=1"
Colubris-AVPair = "phytype=IEEE802dot11g"
Colubris-Attr-250 = 0x00000002
Colubris-Attr-249 = 0xac157909
Message-Authenticator = 0x8d9162f11111ae7f047641224f07213a
My goal is to move authorized users depending on the SSID to a different
VLAN, i tried the following in the "hints" file, but that does not work,
can somebody help me?
DEFAULT Colubris-AVPair =~ ".*guest-wlan.*"
Reply-Message = "Hints",
Framed-Protocol = "PPP",
Service-Type = "Framed",
Tunnel-Type := "VLAN",
Tunnel-Medium-Type := "IEEE-802",
Tunnel-Private-Group-Id := "120"
I Expected that the Attributes set in the "hints" file and the ones set
in the "users" file are merged in the reply from freeradius, but that
seems not so.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
