how to do the dynamic VLAN rewrite according to the username orcalling-station-id?

schilling schilling2006 at gmail.com
Wed Nov 7 01:58:40 CET 2007


On Nov 6, 2007 5:29 PM,  <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> > Thanks for this info. One more step, is there any place in the freeradius
> > configuration file that we can run a script to check the incoming radius
> > request user-name/calling-station-id agaist a file for example
> > youAreBlocked.txt, and then set the above attributes in the reply to the
> > NAS?
>
> rlm_perl, rlm_python or exec - which coding language would you prefer?
> with any of these you can simply run a script which could check the
> attributes and return the correct reply attributes.

This is what I am looking for. Thanks a lot.

Getting to more specifics. We already have enterprise LDAP service.
Can we just add an attribute to the user entry in the ldap which will
like blocked = yes, then we can have the rlm_perl check the ldap user
entry attribute, if blocked == yes, then assign the restricted VLAN
name in the radius reply. Is this normal thing to do?   Or have a
group in ldap for blocked users, if user entry group include the
blocked group, then assign restricted VLAN in the radius reply?  I
think either way should work.

Thanks for all the reply.

Regards,

shiling


>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list