I don't think you should be setting the Auth-Type. Just let FreeRADIUS work that out. What are you doing with your Cisco AP? Are you doing PEAP/MS-CHAPv2? If so, then you must have a User-Password == "foo" in your user database and you *must not* set Auth-Type := EAP.
You should do as Sergio says and use == in your Cisco-AVPair check item. This is a comparison. Rgds, Guy On 06/04/06, Antonio Matera <[EMAIL PROTECTED]> wrote: > Hallo, > If I set Cisco-AVPair == "ssid=SSID1" in my user authentication, the > authentication Fail with any ssid and user. > If I set Cisco-AVPair := "ssid=SSID1" my users are always authenticated. > > Is there any other configuration to set in the radius or in the access > point? > > In my access request there is the AVPair attribute: > > > rad_recv: Access-Request packet from host 192.168.9.104:1645, id=19, > length=166 > User-Name = "TEST4" > Framed-MTU = 1400 > Called-Station-Id = "0012.dacb.8420" > Calling-Station-Id = "000c.f135.f1ba" > Cisco-AVPair = "ssid=VLAN3" > Service-Type = Login-User > Message-Authenticator = > 0xb2a3f1fd52d9d6ff9702cc8f1f480f46 > EAP-Message = 0x020600060d00 > NAS-Port-Type = Wireless-802.11 > Cisco-NAS-Port = "260" > NAS-Port = 260 > State = 0x0491685cf8ece3184d685dedfedbb3d4 > NAS-IP-Address = 192.168.9.104 > NAS-Identifier = "ap" > > > but I don't understand if it works... > > > Any idea? > > > Thanks > > > on 06/04/2006 11.39 Sergio Sagliocco said the following: > Hi > I think you have to try in this way (for example): > TEST4 Cisco-AVPair == "ssid=SSID1" , Auth-Type := EAP > Tunnel-Medium-Type = IEEE-802, > Tunnel-Private-Group-Id = 2, > Tunnel-Type = VLAN > DEFAULT Auth-Type := Reject > > if uou want a password: > TEST4 Cisco-AVPair == "ssid=SSID1" ,User-Password="XXXX", Auth-Type := EAP > Tunnel-Medium-Type = IEEE-802, > Tunnel-Private-Group-Id = 2, > Tunnel-Type = VLAN > DEFAULT Auth-Type := Reject > > Regards > sergio > > Antonio Matera wrote: > > > My goal is to have authenticate user only if the SSID is right! > You know how can I do it? > > Thanks > Antonio > > on 05/04/2006 17.33 Sergio Sagliocco said the following: > > > Hello > your goal is authenticate users only if the SSID is rght or to have > different EAP Authentication method based on SSID? > > regards > sergio > > > Antonio Matera wrote: > > > > Hallo, > thanks for the answer. > > With your solution my radius don't authenticate my users.... > Is my configuration correct or I need other change in my radius files? > > Thanks bye > > on 05/04/2006 15.27 Sergio Sagliocco said the following: > > > > Hi > I think you have to use == instead of := > For example: > > DEFAULT Cisco-AVPair == "ssid=testLEAP" , EAP-Type := Cisco-LEAP > > Regards > > > > > - List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > > ------------------------------------------------------------------------ > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > -- > > ---------------------------------------------- > Antonio Matera > CREATE-NET > Via Solteri, 38 - 38100 Trento > e-mail: [EMAIL PROTECTED] > phone: +39 0461 408400 ext. 305 > fax: +39 0461 421157 > www.create-net.org > ---------------------------------------------- > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
