Hi Folk,
I have activated attr_filter for a realm (dr4.cnrs.fr) and want users
from that realm to have 2 possible values of VLANs (VISITEUR or SIRC)
Here is my attr_file:
dr4.cnrs.fr
Service-Type == Login-User,
Framed-IP-Address == 255.255.255.254,
Framed-MTU >= 576,
Proxy-State =* ANY,
Reply-Message =* ANY,
EAP-Message =* ANY,
Message-Authenticator =* ANY,
State =* ANY,
Session-Timeout <= 28800,
Idle-Timeout <= 600,
Port-Limit <= 2,
Proxy-State =* ANY,
MS-MPPE-Recv-Key =* ANY,
MS-MPPE-Send-Key =* ANY,
User-Name =* ANY,
Called-Station-Id =* ANY,
Calling-Station-Id =* ANY,
NAS-Port-Type =* ANY,
NAS-Port =* ANY,
NAS-IP-Address =* ANY,
NAS-Identifier =* ANY,
Framed-Filter-ID =* ANY,
Tunnel-Type == VLAN,
# Tunnel-Type =* ANY,
Tunnel-Medium-Type == IEEE-802,
# Tunnel-Medium-Type =* ANY,
Trapeze-VLAN-Name == VISITEUR,
Trapeze-VLAN-Name == SIRC,
# Trapeze-VLAN-Name =* ANY,
Tunnel-Private-Group-Id == VISITEUR,
Tunnel-Private-Group-Id == SIRC
# Tunnel-Private-Group-Id =* ANY
When i test the connexion with my account (my attribute
Tunnel-Private-Group-Id = Trapeze-VLAN-Name = VISITEUR), the
authentification is OK but radius server do not send this attribute to
the NAS: they are filtered and they should not.
When I set those attributes to * ANY, every thing works well.
I don't understand this behaviour.
Thanks for any ideas/help
--
Mustapha BOUIKHIF
Service Systèmes d'Information
CNRS - DR4
tel: +33 1 69 82 33 97
fax: +33 1 69 82 33 39
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
