VLAN Queries [SEC=UNCLASSIFIED]

Jacob Jarick mem.namefix at gmail.com
Thu May 3 04:10:23 CEST 2007


Thanks Frank, you're a wealth of info. I will test it out once I've
finished the CGI frontend for freeradius I've been asked to code.

On 5/3/07, Ranner, Frank MR <Frank.Ranner at defence.gov.au> wrote:
> > -----Original Message-----
> > From: freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org
> > [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org]
> > On Behalf Of Jacob Jarick
> > Sent: Wednesday, 2 May 2007 18:28
> > To: FreeRadius users mailing list
> > Subject: VLAN Queries
> >
> > Salutations all,
> >
> > I will be attempting VLAN assignment tomorrow via FR + ADS +
> > cisco wap.
> >
> > 1st Question: Is it possible to assign VLAN based solely on
> > what ldap server authorized it. (The sites we are looking @
> > have 1 domain server for staff and 1 for students).
> >
> > 2: I've been looking @ Mat Ashfield's email query regarding
> > vlans, it looks nice and straightforward to me, my only
> > query: Is the ldap group automatically fetched or is some
> > extra configuration needed under the ldap modules or ldap.attrmap.
> >
> > Mat's Example:
> >
> > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff
> >       User-Name=`%{User-Name}`,
> >       Tunnel-Private-Group-Id=176,
> >       Tunnel-Type=VLAN,
> >       Fall-Through = no
> >
> > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student
> >       User-Name=`%{User-Name}`,
> >       Tunnel-Private-Group-Id=177,
> >       Tunnel-Type=VLAN,
> >       Fall-Through = no
> >
>
> An ldap group query is triggered by the presence of the Ldap-Group
> attribute in the users file. The query uses the groupmembership_filter
> to locate the entry relevant to the user and matches the groupname in
> the groupmembership_attribute. For active directory, you probably want the
> memberOf attribute in the person record.
>
> Something like (radiusd.conf):
> groupmembership_filter = "(samaccountname=%{Stripped-User-Name:-%{User-Name}})"
> groupname_attribute = memberOf
>
>
> Regards
> Frank Ranner
>
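An added example, not part of the thread and not FreeRADIUS code: a small Python model of the lookup Frank describes, showing the filter expansion with its User-Name fallback, RFC 4515 escaping of the name so it cannot alter the filter, and first-match VLAN selection as in the quoted users entries. The function names, the sample directory entry, and the choice to compare on the CN of each memberOf DN are assumptions of the example.

```python
import re

# VLAN plan mirroring the two users-file entries quoted in the thread.
VLAN_BY_GROUP = [("staff", 176), ("student", 177)]

# Constructed sample directory entry (not from the thread).
SAMPLE_ENTRY = {"memberOf": ["CN=Staff,OU=Groups,DC=example,DC=edu",
                             "CN=Printers,OU=Groups,DC=example,DC=edu"]}


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c
                   for c in value)


def build_filter(request):
    """Model of "(samaccountname=%{Stripped-User-Name:-%{User-Name}})":
    use Stripped-User-Name when it is set, otherwise fall back to User-Name."""
    name = request.get("Stripped-User-Name") or request["User-Name"]
    return "(samaccountname=%s)" % ldap_escape(name)


def group_names(member_of):
    """Reduce each memberOf DN to the CN of its first RDN, lower-cased.
    Assumption of this example: groups are compared by that CN only, so an
    OU that happens to be called "staff" never counts as membership."""
    names = set()
    for dn in member_of:
        m = re.match(r"\s*CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
        if m:
            names.add(m.group(1).lower())
    return names


def reply_for(entry):
    """First matching group wins (Fall-Through = no). No match means no
    VLAN reply at all, rather than a silent default VLAN."""
    groups = group_names(entry.get("memberOf", []))
    for group, vlan in VLAN_BY_GROUP:
        if group in groups:
            return {"Tunnel-Type": "VLAN",
                    "Tunnel-Private-Group-Id": str(vlan)}
    return None


if __name__ == "__main__":
    print(build_filter({"User-Name": "jsmith"}))
    print(reply_for(SAMPLE_ENTRY))
```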


