Freeradius Assigning Vlan

fvt3 fvt3 at yahoo.com
Mon Jun 19 02:43:42 CEST 2006


I want to assign vlan base on ldap group and this is
my setup.  I have multiple instances of ldap in the
module section.


ldap ldap1{
           }

ldap ldap2{
           }

l

authorize {
Autz-Type LDAP1{
ldap_ldap1
}

Autz-Type LDAP2{
ldap_ldap2
}
}


To assign vlan, in the users file I have


DEFAULT ldap_ldap1-Ldap-Group == "xx", Autz-Type :=
LDAP1, Auth-Type := LDAP1

        Fall-Through = No,
         Reply-Message = "Active D"
DEFAULT  ldap_ldap2-Ldap-Group == "people", Autz-Type
:= LDAP2, Auth-Type = LDAP2
        Fall-Through = No,
        Reply-Message = "LDAP"


When I run radius in debug mode, I saw that it found
the ldap group "rlm_ldap: Entering ldap_groupcmp()"
and it successfully bind to ldap.  However, when
searching for group, I am getting these errors
"rlm_ldap::ldap_groupcmp: Group not found or user is
not a member."
"rlm_ldap: object not found or got ambiguous search
result".  Am I getting this error because the
groupmembership filter is incorrect?  Anyone knows
what the problem is?


--- fvt3 <fvt3 at yahoo.com> wrote:

> Hi,
> 
> How do I assign vlan base on authentication method.
> Say if user is authenticated from ldap1 assign
> vlan1,
> if user is authenticated from ldap2 assign vlan2. 
> How
> do I configure radius to do this?
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the Freeradius-Users mailing list