On 19 Jul 2013, at 15:10, Dario Palmisano <[email protected]> wrote:
> On Friday 19 July 2013 15:49:55 Arran Cudbard-Bell wrote: >> On 19 Jul 2013, at 14:37, Dario Palmisano <[email protected]> wrote: >>> Hello Everybody, >>> >>> I am configuring my freeradius to be integrated in the EDUROAM >>> federation. It works when the VLAN (as configured in the accesspoint) is >>> statically assigned. >>> >>> Now I would like to implement a "dynamic vlan assignment" on a per user >>> basis; in this case the Macintosh I am using for test gets authenticated >>> but is not able to get the ip address frm DHCP (it shows as >>> 169.254.120.248), so remaing isolated. >>> >>> I carefully followed instructions (regarding the accesspoint and >>> freeradius) and searched the web for a possible reason, but >>> unsuccessfully. >>> >>> I am not sure the problem is not in the accesspoint configuration (a >>> CISCO AP1131AG), anyway the accesspoint receives the indication to use >>> the specified vlan. >> >> You want to post the contents of an Access-Accept so we can check you're >> sending the correct attributes >> >> Arran Cudbard-Bell <[email protected]> >> FreeRADIUS Development Team >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > Here you can download the (almost complete) debug log. Near the end I added a > text to make evident when I disconnected. > > http://webshare.icgeb.org//data/public/ce2e2ee9fbd84c362fd49b10805b36c8.php?lang=en For everyone following along at home: Sending Access-Accept of id 189 to 172.16.254.45 port 1645 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" User-Name = "palmi" MS-MPPE-Recv-Key = 0xf308f970d2507771e30d0f1cc87c6d35ab9a6c65b56dfec2141f50273d6045ff MS-MPPE-Send-Key = 0xa68961323bdf00916cf8ee1043d99477eeaf6a46de78f1101234e9a8a5faf8e2 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 Which looks ok to me. I'm guessing VLAN 220 is actually configured on the NAS? Some also require you to send back 'Service-Type = Framed-User'. Arran Cudbard-Bell <[email protected]> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
