I just follow the steps. Create group, add users to the group.
and create Remote Access Policy in IAS(Internet Authenticate Service).Does it
in right place???
,edit policy and apply policy to this group.
But freeradius can not get the VLAN information from AD.
Thanks.
[EMAIL PROTECTED] 写道:
Since you are using AD to store user profile this is an AD, not
freeradius question. Create a (vlan) group; add users/groups to the
group; create Remote Access Policy; apply policy to this group; edit the
policy to include those Tunnel attributes in dial-in profile; do the
same for every VLAN.
Ivan Kalik
Kalik Informatika ISP
Dana 2/8/2007, "Hangjun He" pi�e:
>Hi,
> We use peap + AP + fr + AD to authenticate user. Now It can work. But I
> need to get VLAN from freeradius for different user or group.
> How should I do?? Please give me some advice, Thanks.
>
> I saw below debug info from maillist, from these info I guess freeradius can
> set VLAN for user or group.
>
>
> Ready to process requests.
>rad_recv: Access-Request packet from host 192.168.1.1:1645, id=38, length=149
> User-Name = "DOMAIN\\testuser"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Called-Station-Id = "00-19-AA-2C-8F-03"
> Calling-Station-Id = "00-08-74-46-2A-A5"
> EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531
> Message-Authenticator = 0x9bc11b6f6182f53f6428ad12c48d8f10
> NAS-Port = 50001
> NAS-Port-Type = Ethernet
> NAS-IP-Address = 192.168.1.1
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> rlm_eap: EAP packet type response id 2 length 22
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 0
> users: Matched entry DEFAULT at line 1
> modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for request 0
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns handled for request 0
>modcall: leaving group authenticate (returns handled) for request 0
>Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "vlanX"
> EAP-Message = 0x010300061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x67c75e29c6b4d8d32c662ce2d154d277
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>
>
>
>
>
>---------------------------------
> 雅虎免费邮箱3.5G容量,20M附件!
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------
雅虎免费邮箱3.5G容量,20M附件!-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
