Hi!
Our current setup is the following:
UniFi WiFi AP does EAP-PEAP against a freeradius (user source is LDAP). Freeradius delivers VLAN und Class information to the UniFi System which then sends a radius accounting request including, besides others, User-Name, Classes and Framed-IP-Address to the freeradius server. The freeradius server forwards the accounting package to our Fortigate firewall und thus the Fortigate authorizes the user/IP-address and assigns a usergroup according to the Class attribute.
I want to replace UniFi by CAPsMAN. My test setup works well (VLANS assigned correctly, etc.), except that no Framed-IP-Address is included in the accounting package that CAPsMAN generates. Thus the Fortigate firewall cannot authorize the User/IP-Address combination.
Is this solvable?
Thanks, Mike