Hi,
My name is Sachin Mody and I have recently started using the freeradius
server. I had some questions about the class attribute implementation for
duplicate-users.
I'm trying to use the class attribute in the reply message for a user entry,
which uses eap module as the authentication type. I'm using EAP-MD5 as the
method so the differentiation of the users based on the passwords should
work, though I do not have a user-name collision. I'm only trying to send
the class-attribute as a reply-message as part of the access-accept message.
The question I have is, do I need to have the 'user-collide' option in the radius.conf file, turned
to 'yes' for doing this or not, i.e.. with the user-collide option as 'no', can
I still use the class attribute? Also I'm using the radius server for WLAN
authentication. I'm currently using the Cisco Aironet 350 series access
point (firmware version 11.21).
I have tried to use the class attribute with both the user-collide option as
'yes' and 'no'. In the former case, the authentication stalls and does not
complete, while in the later case, when the user-collide is off, the server
sends the class attribute as part of the access-accept message, but I do not
see it in the accounting packets coming from the Cisco NAS thereafter. Would
this behavior be because Cisco might not have support for class attribute or
because the eap module doesn't have support for class attribute.
System Spec:
FreeRadius version 0.7
AP- Cisco 350 series (firmware version 11.21)
Regards,
Sachin S. Mody
Thomson Multimedia, Corporate Research
2 Independence Way,
Princeton, NJ 08543
Ph# 609-987-7321
Fax# 609-987-7299
