It is hard to say exactly why it isn't adding it in without seeing some actual
configuration or server debugging text, but there are a few areas you can
check.
First, make sure that you have the dictionary with that radius attribute
loaded. It should be loaded by default, but it doesn't hurt to check that the
dictionaries are being loaded. With a quick search it looks like it the
attribute you want is in the file "dictionary.rfc2865" named "Filter-Id". I
don't have a copy of FreeRadius 1.x's dictionaries around, but the attribute
name might have changed slightly in the 2.x series - make sure you are
referring to it correctly.
Next, make sure that you are populating Filter-Id as a reply attribute - are
you setting it through a LDAP attribute map, from SQL's radreply or
radgroupreply tables, or some other method? If you think you are, then I would
suggest running your radius server in debug mode (./radiusd -X) and watching an
authentication and see why or why not it is being added to the radius reply.
If that still doesn't work, for testing, you can add the following lines into
your post-auth section of the server config to add the attribute to all
completed and accepted requests.
update reply {
Filter-Id := "student"
}
You also might try the FreeRadius listserv for support as well (make sure to
include configuration snippets and debugging output), or email me direct with
the same.
Chris Wieringa
>>> On 4/3/2012 at 2:42 PM, "Wright, Don" <[email protected]> wrote:
> We have been testing with the latest version 2.x of FreeRadius and are
> having trouble passing the Filter-ID information back to our Aruba
> controllers. Note the packet traces below show the missing Filter-ID in
> the 2.x version, and where it is present on our functioning version 1.x
> FreeRadius servers. My systems people have tried different configuration
> settings on the server based on the documentation they are looking at, but
> without any positive results so far.
> Does anyone have an idea of what setting might resolve this, or can
> point us to documentation that shows how this works? Thanks in advance for
> any help.
>
> Don Wright
> Brown University
>
> From Version 1.x server:
>
> 16:04:51.121056 IP (tos 0x0, ttl 64, id 0, offset 0, flags
> [DF], proto: UDP (17), length: 207) 10.4.28.15.1645 >
> 128.148.10.104.32797: RADIUS, length: 179
> *Access Accept (2)*, id: 0xaa, Authenticator:
> c85628210672caeedf2c8e3ade84cdfa
> *Filter ID Attribute (11), length: 9, Value: student*
> Vendor Specific Attribute (26), length: 58, Value: Vendor:
> Microsoft (311) [|radius] [|radius]
>
>
> From Version 2.x server:
>
> 15:39:34.337535 IP (tos 0x0, ttl 64, id 59206, offset 0, flags
> [none], proto: UDP (17), length: 197) 10.4.28.12.1645 >
> 128.148.10.104.33828: RADIUS, length: 169
> *Access Accept (2)*, id: 0xbf,
> Authenticator: 85c2f9f515ee8ff6a8bee1d88cae243c
> Vendor Specific Attribute (26), length: 58, Value: Vendor:
> Microsoft (311) [|radius] [|radius]
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
--
--
Chris Wieringa
[email protected]
Sr. Systems Engineer
Calvin Information Technology
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
