Both of my services, freeradius and openldap, are on the same server. The FreeRADIUS schema is loaded into openldap.
I configured the radiusProfileDN of a user to link to a group. In this group, I have radiusReplyAttribute set to give the information of the VLAN.
- When I use the command radtest locally (or from a remote and already authenticated client), I receive an Access-Accept packet (RADIUS protocol) containing the information for the VLAN. A Wireshark capture shows the information for the VLAN is in the packet.

    LDAP + Radius                 LDAP + Radius ----- Switch ----- Client
      <--------                     <-----------------------------
      -------->          or         ----------------------------->
      *vlan info*                   *vlan info*
- When I use the tool wpa_supplicant (PEAP-GTC protocol), I authenticate successfully, but the client port is not added to the VLAN group. A Wireshark capture shows the Access-Accept packet exchanged between the switch and the RADIUS server doesn't have the VLAN information in it.

    LDAP + Radius ----- Switch ----- Client
      <------------------  <----------
      ------------------>  ---------->
      *no vlan info*       wpa_supplicant
From the log of openldap, the same steps are made for the authentication with radtest or wpa_supplicant:
- read access allowed for radiusReplyAttribute on 'mygroup'
- result was in cache (radiusReplyAttribute)
- send_search_entry exit
- send_ldap_result & send_ldap_response
In the LDAP server, I tried putting the VLAN information directly in the user, or in the already made "variable" for the VLAN info, but I get the same result.
Do you know where my problem comes from? It seems related to wpa_supplicant using a different protocol than the radtest command and freeradius (maybe I am missing a line in the configuration)?