Community discussions

MUM Europe 2020
 
anuser
Member
Member
Topic Author
Posts: 420
Joined: Sat Nov 29, 2014 7:27 pm

[SOLVED] RADIUS on RouterOS: "unknown-Attribute (vendor=MT,type=...)

Mon Mar 07, 2016 6:20 pm

I still have problems getting the "Mikrotik_Wireless_VLANID" and "Mikrotik_Wireless_VLANIDtype" recognized by RouterOS.

- I have an Microsoft server which sends the user defined attributes / custom VSAs with "type 26 and type 27) to a freeradius server

- On the freeradius within /etc/raddb/mods-config/attr_filter/post-proxy I added:
Mikrotik_Wireless_VLANID =* ANY,
Mikrotik_Wireless_VLANIDtype =* ANY
- Let´s look at the Access-Accept on the freeradius: cat /var/log/radius/radacct/.../post-proxy-detail-20160209
Tue Feb  9 08:58:53 2016
Packet-Type = Access-Accept
Proxy-State = 0x313839
Mikrotik_Wireless_VLANID = 743
Mikrotik_Wireless_VLANIDtype = 0
[...]
=> This looks fine. Freeradius recognizes the attributes.



- What does RouterOS receive:
received Access-Accept with id 189 from [...]
Unknown-Attribute(vendor=MT, type=26) = 0x000002e7 
Unknown-Attribute(vendor=MT, type=27) = 0x00000000
Signatue = [...]
Framed-MTU = 1300
EAP-Message = [...]
MS-MPPE-Send-Key = [...]
MS-MPPE-Recv-Key = [...]
Message-Authenticator = [...]
 
=> Unknown attributes? Why doesn´t recognize RouterOS its own Mikrotik attributes at all? Do I have to import the dictionary file into RouterOS like I did on the freeradius server?
Last edited by anuser on Wed Mar 09, 2016 6:07 pm, edited 1 time in total.
 
User avatar
pukkita
Trainer
Trainer
Posts: 2997
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: RADIUS on RouterOS: "unknown-Attribute (vendor=MT,type=...)

Tue Mar 08, 2016 11:49 pm

No, AFAIK ROS doesn't offer the possibility of importing third party dictionaries.

Could it be that ROS expects an integer value, and is being passed a string?

A full debug while running radiusd -X will also help.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
User avatar
pukkita
Trainer
Trainer
Posts: 2997
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: RADIUS on RouterOS: "unknown-Attribute (vendor=MT,type=...)

Wed Mar 09, 2016 11:43 am

FYI, according to http://wiki.mikrotik.com/wiki/Manual:In ... AN_tagging :
You can configure your RADIUS authentication server to assign users or groups of users to a specific VLAN when they authenticate to the network. To use this option you will need to use RADIUS attributes.

Note: In case to use this option you must enable wireless-fp or wireless-cm2 package.
Maybe that (wireless package used) is related to the unknown attribute.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
anuser
Member
Member
Topic Author
Posts: 420
Joined: Sat Nov 29, 2014 7:27 pm

Re: RADIUS on RouterOS: "unknown-Attribute (vendor=MT,type=...)

Wed Mar 09, 2016 6:06 pm

That´s it I had to use wireless-cm2 package, i.e. CAPSMAN2
(It works, but still shows unknown-Attribute (vendor=MT,type=...))

Thanks!
 
User avatar
pukkita
Trainer
Trainer
Posts: 2997
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: [SOLVED] RADIUS on RouterOS: "unknown-Attribute (vendor=MT,type=...)

Wed Mar 09, 2016 6:14 pm

Glad it helped! :D

If debugging is still showing "unknown parameter", generate a supout in the system while such radius transaction is happening, and send it to support at mikrotik attaching it and pointing to this post (or including the info you already posted) with a subject like "Cosmetic Radius Bug" or alike.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum

Who is online

Users browsing this forum: No registered users and 28 guests