Hi to all,

I have modified my users file:

    user1 Auth-Type := EAP, Cisco-AVPair := "ssid=SSID1"
            Tunnel-Medium-Type = IEEE-802,
            Tunnel-Private-Group-Id = 2,
            Tunnel-Type = VLAN

    user2 Auth-Type := EAP, Cisco-AVPair := "ssid=SSID2"
            Tunnel-Medium-Type = IEEE-802,
            Tunnel-Private-Group-Id = 3,
            Tunnel-Type = VLAN

But this way the RADIUS server authorizes, for example, user2 on VLAN 3 with SSID1 (second user with first SSID).

In my log, after the MAC address, there isn't any information on the SSID. The log is similar to the last one that I posted:

    rad_recv: Access-Request packet from host 192.168.9.104:1645, id=21, length=137
            User-Name = "user1"
            Framed-MTU = 1400
            Called-Station-Id = "0012.dacb.8420"
            Calling-Station-Id = "000c.f135.f1ba"
            Service-Type = Login-User
            Message-Authenticator = 0x0b9afa834203d48273f35fee97e2df88
            EAP-Message = 0x020600060d00
            NAS-Port-Type = Wireless-802.11
            NAS-Port = 262
            State = 0xd2c7600f31d580fb360e134fa4977735
            NAS-IP-Address = 192.168.9.104
            NAS-Identifier = "ap"
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 5
    modcall[authorize]: module "preprocess" returns ok for request 5
    modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "TEST4", looking up realm NULL
    rlm_realm: No such realm "NULL"
    modcall[authorize]: module "suffix" returns noop for request 5
    rlm_eap: EAP packet type response id 6 length 6
    rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
    modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry user1 at line 12
    modcall[authorize]: module "files" returns ok for request 5
    modcall: leaving group authorize (returns updated) for request 5
    rad_check_password: Found Auth-Type EAP
    auth: type "EAP"
    Processing the authenticate section of radiusd.conf
    modcall: entering group authenticate for request 5
    rlm_eap: Request found, released from the list
    rlm_eap: EAP/tls
    rlm_eap: processing type tls
    rlm_eap_tls: Authenticate
    rlm_eap_tls: processing TLS
    rlm_eap_tls: Received EAP-TLS ACK message
    rlm_eap_tls: ack handshake is finished
    eaptls_verify returned 3
    eaptls_process returned 3
    rlm_eap: Freeing handler
    modcall[authenticate]: module "eap" returns ok for request 5
    modcall: leaving group authenticate (returns ok) for request 5
    Login OK: [user1/<no User-Password attribute>] (from client ap-test port 262 cli 000c.f135.f1ba)
    Sending Access-Accept of id 21 to 192.168.9.104 port 1645
            Tunnel-Medium-Type:0 = IEEE-802
            Tunnel-Private-Group-Id:0 = "2"
            Tunnel-Type:0 = VLAN
            MS-MPPE-Recv-Key = 0x9d39ad6e0574878bf7b25b981595db0b7781b06025feb14ec89a5d6d78c4653c
            MS-MPPE-Send-Key = 0xd68f501b1e8d569699674ddf3fc266185b2d269f9e455a4653aa126b5f3ba185
            EAP-Message = 0x03060004
            Message-Authenticator = 0x00000000000000000000000000000000
            User-Name = "user1"
    Finished request 5

In the log I don't have any information on the SSID... but in my AP configuration I have the radius-server vsa send accounting:

    .....
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 192.168.9.193 auth-port 1812 acct-port 1813 key 7 131112011F41162B2F2D3D20
    radius-server host 192.168.9.104 auth-port 1645 acct-port 1646 key 7 111D1C1603
    radius-server host 192.168.9.191 auth-port 1812 acct-port 1813 key 7 104D1B1C0403174602013E663629373C3700
    radius-server vsa send accounting
    bridge 1 route ip
    ......

What is wrong? I don't understand where the mistake is.

Thanks a lot
Bye all
Antonio

So prevent that. The Calling-Station-Id *should* contain the SSID after the MAC address. Run the server in debug mode to see this. Then, use a regular expression to match the SSID.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
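The regular-expression check suggested in the thread, as an added Python sketch (not from the thread and not FreeRADIUS code): it pulls the SSID out of a station-id attribute and rejects when the SSID is missing or does not match the user's. The `MAC:SSID` suffix form, the `Cisco-AVPair` fallback in a request, the policy table and the function names are assumptions; the sample request is constructed from the posted debug log.

```python
import re

# 12 hex digits with optional . : - separators, then an optional ":SSID" suffix
# (the suffix form is an assumption; the posted log shows a bare MAC only).
STATION_RE = re.compile(
    r"^(?:[0-9A-Fa-f]{2}[.:-]?){5}[0-9A-Fa-f]{2}(?::(?P<ssid>.+))?$")

# Hypothetical policy mirroring the users file in the post: user -> (SSID, VLAN).
POLICY = {"user1": ("SSID1", 2), "user2": ("SSID2", 3)}

# Constructed from the Access-Request attributes in the posted debug log.
REQUEST_FROM_LOG = {
    "User-Name": "user1",
    "Called-Station-Id": "0012.dacb.8420",
    "Calling-Station-Id": "000c.f135.f1ba",
}

def extract_ssid(request):
    """Return the SSID the NAS reported, or None if the request carries none."""
    for attr in ("Called-Station-Id", "Calling-Station-Id"):
        m = STATION_RE.match(request.get(attr, ""))
        if m and m.group("ssid"):
            return m.group("ssid")
    # Assumed fallback: an "ssid=..." Cisco-AVPair sent by the access point.
    avpair = request.get("Cisco-AVPair", "")
    if avpair.startswith("ssid="):
        return avpair[len("ssid="):] or None
    return None

def authorize(request):
    """Return (decision, vlan, reason); fail closed when the SSID is unknown."""
    entry = POLICY.get(request.get("User-Name"))
    if entry is None:
        return ("reject", None, "unknown user")
    want_ssid, vlan = entry
    ssid = extract_ssid(request)
    if ssid is None:
        return ("reject", None, "no SSID in request")
    if ssid != want_ssid:
        return ("reject", None, f"SSID {ssid!r} not allowed for this user")
    return ("accept", vlan, "SSID matches")

if __name__ == "__main__":
    print(authorize(REQUEST_FROM_LOG))  # bare MACs only, so the check fails closed
    wrong = dict(REQUEST_FROM_LOG, **{"User-Name": "user2",
                 "Called-Station-Id": "0012.dacb.8420:SSID1"})
    print(authorize(wrong))             # user2 arriving on SSID1 is rejected
```

Run against the request in the posted log, the check rejects because neither station-id carries an SSID, which is why the access point has to send it before any SSID-to-VLAN rule can be enforced.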

