Reply To: radius attributes

#52593

redfive
Participant

I wrote to Fulvio , and he told me that in the next release, probably this behavior will be fixed…:)
The issue was found also with TekRadius here…Cisco ACS allows , by a drop-down menu, to set the TAG field in the radius IETF attributes…
Btw , I found a workaround, sure “dirty”… a lot !!, … I copied /usr/local/share/freeradius/* in /Database/usr/local/share/freeradius/, then I edited /Database/usr/local/share/freeradius/dictionary.rfc2868 by removing “has_tag” to the attributes 64,65 and 81 as follows

ATTRIBUTE       Tunnel-Type                             64      integer
ATTRIBUTE Tunnel-Medium-Type 65 integer
ATTRIBUTE Tunnel-Client-Endpoint 66 string has_tag
ATTRIBUTE Tunnel-Server-Endpoint 67 string has_tag

ATTRIBUTE Tunnel-Password 69 string has_tag,encrypt=2

ATTRIBUTE Tunnel-Private-Group-Id 81 string

given a mount–bind “/Database/usr/local/share/freeradius” “/usr/local/share/freeradius”, restarted the radius-server. The dynamic vlan assignment is ok with the cisco SF-308 as well as with the catalyst 2960. Also added mount–bind “/Database/usr/local/share/freeradius” “/usr/local/shar/freeradius” in pre-boot, and after reboot, authentication is always ok . I do not know how much is this correct, but it seems that functions, and so far I have not encountered problems … so far!
greetings