Just one thing to be careful of when running FreeRADIUS is debug mode (radius
-X). It will run single threaded and produce very verbose output, READ:
performance will be terrible, so run this only during a very slow time or only
on a test server.
Ken
--
Ken LeCompte - Manager of Information Technology
Rutgers University Office of Information Technology
Campus Computing Services - Central Systems and Services
Office ~ (732) 445-4823
On Apr 3, 2012, at 4:45 PM, Christopher Wieringa wrote:
> It is hard to say exactly why it isn't adding it in without seeing some
> actual configuration or server debugging text, but there are a few areas you
> can check.
>
> First, make sure that you have the dictionary with that radius attribute
> loaded. It should be loaded by default, but it doesn't hurt to check that
> the dictionaries are being loaded. With a quick search it looks like it the
> attribute you want is in the file "dictionary.rfc2865" named "Filter-Id". I
> don't have a copy of FreeRadius 1.x's dictionaries around, but the attribute
> name might have changed slightly in the 2.x series - make sure you are
> referring to it correctly.
>
> Next, make sure that you are populating Filter-Id as a reply attribute - are
> you setting it through a LDAP attribute map, from SQL's radreply or
> radgroupreply tables, or some other method? If you think you are, then I
> would suggest running your radius server in debug mode (./radiusd -X) and
> watching an authentication and see why or why not it is being added to the
> radius reply.
>
> If that still doesn't work, for testing, you can add the following lines into
> your post-auth section of the server config to add the attribute to all
> completed and accepted requests.
>
> update reply {
> Filter-Id := "student"
> }
>
> You also might try the FreeRadius listserv for support as well (make sure to
> include configuration snippets and debugging output), or email me direct with
> the same.
>
> Chris Wieringa
>
>
>>>> On 4/3/2012 at 2:42 PM, "Wright, Don" <[email protected]> wrote:
>> We have been testing with the latest version 2.x of FreeRadius and are
>> having trouble passing the Filter-ID information back to our Aruba
>> controllers. Note the packet traces below show the missing Filter-ID in
>> the 2.x version, and where it is present on our functioning version 1.x
>> FreeRadius servers. My systems people have tried different configuration
>> settings on the server based on the documentation they are looking at, but
>> without any positive results so far.
>> Does anyone have an idea of what setting might resolve this, or can
>> point us to documentation that shows how this works? Thanks in advance for
>> any help.
>>
>> Don Wright
>> Brown University
>>
>> From Version 1.x server:
>>
>> 16:04:51.121056 IP (tos 0x0, ttl 64, id 0, offset 0, flags
>> [DF], proto: UDP (17), length: 207) 10.4.28.15.1645 >
>> 128.148.10.104.32797: RADIUS, length: 179
>> *Access Accept (2)*, id: 0xaa, Authenticator:
>> c85628210672caeedf2c8e3ade84cdfa
>> *Filter ID Attribute (11), length: 9, Value: student*
>> Vendor Specific Attribute (26), length: 58, Value: Vendor:
>> Microsoft (311) [|radius] [|radius]
>>
>>
>> From Version 2.x server:
>>
>> 15:39:34.337535 IP (tos 0x0, ttl 64, id 59206, offset 0, flags
>> [none], proto: UDP (17), length: 197) 10.4.28.12.1645 >
>> 128.148.10.104.33828: RADIUS, length: 169
>> *Access Accept (2)*, id: 0xbf,
>> Authenticator: 85c2f9f515ee8ff6a8bee1d88cae243c
>> Vendor Specific Attribute (26), length: 58, Value: Vendor:
>> Microsoft (311) [|radius] [|radius]
>>
>> **********
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>
>
>
> --
> --
> Chris Wieringa
> [email protected]
> Sr. Systems Engineer
> Calvin Information Technology
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
