Just one thing to be careful of when running FreeRADIUS is debug mode (radius -X). It will run single threaded and produce very verbose output, READ: performance will be terrible, so run this only during a very slow time or only on a test server.
Ken -- Ken LeCompte - Manager of Information Technology Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (732) 445-4823 On Apr 3, 2012, at 4:45 PM, Christopher Wieringa wrote: > It is hard to say exactly why it isn't adding it in without seeing some > actual configuration or server debugging text, but there are a few areas you > can check. > > First, make sure that you have the dictionary with that radius attribute > loaded. It should be loaded by default, but it doesn't hurt to check that > the dictionaries are being loaded. With a quick search it looks like it the > attribute you want is in the file "dictionary.rfc2865" named "Filter-Id". I > don't have a copy of FreeRadius 1.x's dictionaries around, but the attribute > name might have changed slightly in the 2.x series - make sure you are > referring to it correctly. > > Next, make sure that you are populating Filter-Id as a reply attribute - are > you setting it through a LDAP attribute map, from SQL's radreply or > radgroupreply tables, or some other method? If you think you are, then I > would suggest running your radius server in debug mode (./radiusd -X) and > watching an authentication and see why or why not it is being added to the > radius reply. > > If that still doesn't work, for testing, you can add the following lines into > your post-auth section of the server config to add the attribute to all > completed and accepted requests. > > update reply { > Filter-Id := "student" > } > > You also might try the FreeRadius listserv for support as well (make sure to > include configuration snippets and debugging output), or email me direct with > the same. > > Chris Wieringa > > >>>> On 4/3/2012 at 2:42 PM, "Wright, Don" <donald_wri...@brown.edu> wrote: >> We have been testing with the latest version 2.x of FreeRadius and are >> having trouble passing the Filter-ID information back to our Aruba >> controllers. Note the packet traces below show the missing Filter-ID in >> the 2.x version, and where it is present on our functioning version 1.x >> FreeRadius servers. My systems people have tried different configuration >> settings on the server based on the documentation they are looking at, but >> without any positive results so far. >> Does anyone have an idea of what setting might resolve this, or can >> point us to documentation that shows how this works? Thanks in advance for >> any help. >> >> Don Wright >> Brown University >> >> From Version 1.x server: >> >> 16:04:51.121056 IP (tos 0x0, ttl 64, id 0, offset 0, flags >> [DF], proto: UDP (17), length: 207) 10.4.28.15.1645 > >> 128.148.10.104.32797: RADIUS, length: 179 >> *Access Accept (2)*, id: 0xaa, Authenticator: >> c85628210672caeedf2c8e3ade84cdfa >> *Filter ID Attribute (11), length: 9, Value: student* >> Vendor Specific Attribute (26), length: 58, Value: Vendor: >> Microsoft (311) [|radius] [|radius] >> >> >> From Version 2.x server: >> >> 15:39:34.337535 IP (tos 0x0, ttl 64, id 59206, offset 0, flags >> [none], proto: UDP (17), length: 197) 10.4.28.12.1645 > >> 128.148.10.104.33828: RADIUS, length: 169 >> *Access Accept (2)*, id: 0xbf, >> Authenticator: 85c2f9f515ee8ff6a8bee1d88cae243c >> Vendor Specific Attribute (26), length: 58, Value: Vendor: >> Microsoft (311) [|radius] [|radius] >> >> ********** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can be found at http://www.educause.edu/groups/. > > > > -- > -- > Chris Wieringa > cwier...@calvin.edu > Sr. Systems Engineer > Calvin Information Technology > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.