(RADIATOR) AddToReply tagged-integer/string syntax question

Hugh Irvine hugh at open.com.au
Wed Apr 7 17:30:51 CDT 2004


Hello Michael -

You can only have one AddToReply line (using the "\" for continuation).

<Realm /dot1x/i>
         AcctLogFileName         %L/detail
         RejectHasReason
         <AuthBy FILE>
                 Filename %D/dot1x_users
                 EAPType MD5-Challenge
         </AuthBy>
         AddToReply      Tunnel-Type="\000VLAN", \
                         Tunnel-Medium-Type="\000802", \
                         Tunnel-Private-Group-Id="\000VLAN0252"
         AuthLog myauthlogger
</Realm>

regards

Hugh


On 8 Apr 2004, at 02:35, Michael Ting wrote:

>
>
>   The same message sent out two days ago doesn't seem to have gone through.
> Therefore, I am sending it again, hopefully to receive some help. So
> far, I couldn't get the Cisco Cat4006 to change its VLAN# by the radiator.
> That's why I would like to make sure the syntax is correct first.
>
>
>   Does the AddToReply syntax below look right, anyone?   Thanks!
>
> <Realm /dot1x/i>
>         AcctLogFileName         %L/detail
>         RejectHasReason
>         <AuthBy FILE>
>                 Filename %D/dot1x_users
>                 EAPType MD5-Challenge
>         </AuthBy>
>         AddToReply      Tunnel-Type="\000VLAN",
>         AddToReply      Tunnel-Medium-Type="\000802",
>         AddToReply      Tunnel-Private-Group-Id="\000VLAN0252"
>         AuthLog myauthlogger
> </Realm>
>
>
> Michael
>
> -----Original Message-----
> From: Michael Ting [mailto:sting at boulder.nist.gov]
> Sent: Monday, April 05, 2004 12:10 PM
> To: radiator at open.com.au
> Subject: AddToReply tagged-integer/string syntax question
>
>
>
> -------------------from Cisco Configuring CatOS 802.1x Authentication-----------------
> In order for the 802.1x VLAN assignment using a RADIUS server to successfully
> complete, the RADIUS server must return the following three RFC 2868 attributes
> back to the authenticator (the Cisco switch to which the host attaches):
>
> [64] Tunnel-Type = VLAN
> [65] Tunnel-Medium-Type = 802
> [81] Tunnel-Private-Group-Id = VLAN NAME
>
> Attribute [64] must contain the value "VLAN" (type 13). Attribute [65] must
> contain the value "802" (type 6). Attribute [81] specifies the VLAN name in
> which the successfully authenticated 802.1x host should be put.
> --------------------------------------------------------------------------------
>
>   Does the AddToReply syntax below look right, anyone?   Thanks!
>
> <Realm /dot1x/i>
>         AcctLogFileName         %L/detail
>         RejectHasReason
>         <AuthBy FILE>
>                 Filename %D/dot1x_users
>                 EAPType MD5-Challenge
>         </AuthBy>
>         AddToReply      Tunnel-Type="\000VLAN"
>         AddToReply      Tunnel-Medium-Type="\000802"
>         AddToReply      Tunnel-Private-Group-Id="\000VLAN0252"
>         AuthLog myauthlogger
> </Realm>
>
>
> Michael
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
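
The following is an added example, not part of the original thread and not Radiator code: it shows how the three RFC 2868 attributes named in the quoted Cisco text look on the wire with an unused (zero) tag octet, and checks that a reply carries all three. The function names and the REPLY sample are made up for this example; the attribute numbers and the values 13 and 6 come from the Cisco text.

```python
# Added example: wire format of the three RFC 2868 attributes (constructed data).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6          # values quoted in the Cisco text

def encode_tagged_int(attr, value, tag=0):
    """Type, length 6, one tag octet, then a 3-octet big-endian value."""
    return bytes([attr, 6, tag]) + value.to_bytes(3, "big")

def encode_tagged_str(attr, text, tag=0):
    """Type, length, one tag octet, then the string."""
    body = bytes([tag]) + text.encode("ascii")
    return bytes([attr, 2 + len(body)]) + body

def decode_attrs(buf):
    """Walk the TLVs of a reply; return {attr: (tag, value)} for the three."""
    out, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated attribute header")
        attr, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("bad length in attribute %d" % attr)
        val = buf[i + 2:i + length]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(val) != 4:
                raise ValueError("attribute %d must carry tag + 3 octets" % attr)
            out[attr] = (val[0], int.from_bytes(val[1:], "big"))
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            # A first octet above 0x1F is string data, not a tag.
            if val and val[0] <= 0x1F:
                out[attr] = (val[0], val[1:].decode("ascii"))
            else:
                out[attr] = (None, val.decode("ascii"))
        i += length
    return out

def vlan_assignment(buf):
    """Return the VLAN name if all three attributes are present and valid."""
    a = decode_attrs(buf)
    if a.get(TUNNEL_TYPE, (0, None))[1] != VLAN:
        return None
    if a.get(TUNNEL_MEDIUM_TYPE, (0, None))[1] != IEEE_802:
        return None
    group = a.get(TUNNEL_PRIVATE_GROUP_ID)
    return group[1] if group and group[1] else None

# Constructed reply attributes matching the configuration in the message.
REPLY = (encode_tagged_int(TUNNEL_TYPE, VLAN)
         + encode_tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802)
         + encode_tagged_str(TUNNEL_PRIVATE_GROUP_ID, "VLAN0252"))
```

Comparing the decoded values against the attribute dump in a trace 4 log is a quick way to confirm what the server actually sent to the switch.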
