Hello,

I am trying to implement a Nomadix AG-5000 public NAS in a network with an existing FreeRADIUS server. The environment is as follows:

- The customer wants the Nomadix to do public authentication (with captive portal and PAP) for guest users, and for employees who can't use the protected wireless network, which works with WPA-Enterprise authentication.
- The employees' user names and passwords are stored in an LDAP structure.
- There is a FreeRADIUS v1.0.5 server which asks that LDAP structure for authentication.

So the Nomadix is configured as a RADIUS client, connected to the FreeRADIUS server. I have tested the connection with test users stored in FreeRADIUS' "users" file, and everything worked fine.

The problem starts with the Access-Accept RADIUS message. This message includes some tunnel attributes stored in the LDAP, which are necessary for the other networks to work properly. But the Nomadix does not understand those attributes and drops the Access-Accept messages, resulting in a failed authentication.

The solution I'm thinking about is to remove these tunnel attributes from the Access-Accept message should they be sent to the Nomadix. I've read about rlm_attr_filter, but I don't know how to configure it to remove tunnel attributes should the Nomadix be acting as the NAS.

File /etc/raddb/attrs:

DEFAULT
        Packet-type =* ANY,
        EAP-Message =* ANY,
        User-Name =* ANY,
        Message-Authenticator =* ANY,
        State =* ANY,
        Tunnel-Type := VLAN,
        Tunnel-Medium-Type := IEEE-802
        Tunnel-Private-Group-Id := “

Thank you in advance,

Ignacio Siles
Telecommunications Engineer
Libera Networks
Avda. Juan López Peñalver, 21. PTA
29590 Campanillas (MÁLAGA)
T: +34 951010529 - F: +34 951010542
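
The per-NAS filtering asked about above, as an added example that is not part of the original message and is not FreeRADIUS code or configuration: a simplified Python model of allow-list reply filtering, where any reply attribute not named in the selected entry is dropped. Selecting the entry by a NAS identifier, the entry names, and the sample reply are assumptions constructed for illustration; only the `=*` and `==` operators are modelled.

```python
def parse_entry(text):
    """Parse 'Name op value' lines of one filter entry into (name, op, value) rules."""
    rules = []
    for line in text.strip().splitlines():
        name, op, value = line.strip().rstrip(",").split(None, 2)
        if op not in ("=*", "=="):
            raise ValueError(f"operator not modelled: {op}")
        rules.append((name, op, value))
    return rules

def filter_reply(reply, rules):
    """Keep an attribute only if a rule names it and every rule for it passes."""
    kept = []
    for name, value in reply:
        matching = [(op, want) for n, op, want in rules if n == name]
        # No rule for this attribute means it is removed (fail closed).
        if matching and all(op == "=*" or value == want for op, want in matching):
            kept.append((name, value))
    return kept

def filter_for_nas(reply, nas_id, entries):
    """Pick the entry for this NAS (hypothetical key), else DEFAULT, and apply it."""
    return filter_reply(reply, entries.get(nas_id, entries["DEFAULT"]))

# Constructed entries: "guest-portal" is a hypothetical identifier for the captive-portal NAS.
ENTRIES = {
    "guest-portal": parse_entry("""
        Reply-Message =* ANY,
        Session-Timeout =* ANY
    """),
    "DEFAULT": parse_entry("""
        Reply-Message =* ANY,
        Session-Timeout =* ANY,
        Tunnel-Type == VLAN,
        Tunnel-Medium-Type == IEEE-802,
        Tunnel-Private-Group-Id =* ANY
    """),
}

# Constructed Access-Accept attribute list, as it might come back from LDAP.
SAMPLE_REPLY = [
    ("Reply-Message", "Welcome"),
    ("Tunnel-Type", "VLAN"),
    ("Tunnel-Medium-Type", "IEEE-802"),
    ("Tunnel-Private-Group-Id", "20"),
]

if __name__ == "__main__":
    print(filter_for_nas(SAMPLE_REPLY, "guest-portal", ENTRIES))
    print(filter_for_nas(SAMPLE_REPLY, "wpa-enterprise-ap", ENTRIES))
```
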

