LDAP Authorization & different VLAN

Dusty Doris freeradius at mail.doris.cc
Tue Jul 19 17:56:07 CEST 2005


> Hi,
>
> I have made a system of authorization with freeradius 1.0.4 based on
> LDAP attribute radiusGroupName and it works perfectly!
>
> Now I have this problem:
>
> I have on my access points two VLANs named data and students. I want to
> create different groups for the authorization to access these VLANs.
> For example, I want those who have the attribute radiusGroupName = WLANdata
> to be able to access the VLAN "data", and those who have the attribute
> radiusGroupName=WLANstudents to be able to access the VLAN "students".
>
> How can I configure the huntgroups file? Or do I need to configure the
> users file?
>
> Thanks and excuse me for my English,
> Felice

I'm assuming you mean that if someone has radiusgroupname=WLANStudents,
then you want to assign them to that VLAN.  Is that correct?

If so, you need to find out what RADIUS attributes you need to send back
to the access point to assign them to that VLAN.  Then you can use the
users file to set that up.

For example:

DEFAULT  Ldap-Group == WLANstudents
	SomeAttribute = SomeValue

DEFAULT  Ldap-Group == WLANdata
	SomeAttribute = OtherValue

Make sense?

The SomeAttribute is some RADIUS attribute that your NAS expects back that
will assign them to a VLAN.  The SomeValue and OtherValue are the values
you would return that would specify which VLAN they should be in.  You'll
have to check the documentation of your access point to figure out what
that attribute/value pair should be.
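
Added example, not part of the original reply: the same users-file layout with the placeholders filled in, assuming the access point honours the RFC 3580 tunnel attributes for dynamic VLAN assignment (many do, but it has to be confirmed in the AP documentation). The VLAN values "students" and "data" and the final reject entry are assumptions for illustration.

```text
# users file (FreeRADIUS 1.0.x syntax), added example.
# Assumption: the AP maps RFC 3580 tunnel attributes to a VLAN.
# Tunnel-Private-Group-Id carries the VLAN name or the numeric VLAN ID,
# depending on what the AP expects; the values below are constructed.

DEFAULT  Ldap-Group == "WLANstudents"
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-Id = "students"

DEFAULT  Ldap-Group == "WLANdata"
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-Id = "data"

# Entries are matched top to bottom and processing stops at the first
# match (no Fall-Through), so a user in both groups gets "students".
# Assumption: users in neither group should not get wireless access at
# all, rather than landing on whatever VLAN the AP uses by default.
DEFAULT  Auth-Type := Reject
	Reply-Message = "No WLAN group membership"
```

To check what the server returns for a given user, run it in debug mode (`radiusd -X`) and look at the reply attributes in the Access-Accept before testing against the access point.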





More information about the Freeradius-Users mailing list