fr group howto

tnt at kalik.net tnt at kalik.net
Wed Dec 10 12:10:15 CET 2008


>> 2. I don't expand the vlanXY schema. I get the user info (by samaccname),
>> which contains the "member of" attr, and in the freeradius users file I create
>> a group. If the group in the users file equals the "member of" attrib, send back
>> the vlan info to the switch:
>> (I know it is not good yet)
>> DEFAULT Ldap-Group == "cn=vlan10,ou=vlans,dc=test,dc=hu"
>>                Tunnel-Type = VLAN,
>>                Tunnel-Medium-Type = IEEE-802,
>>                Tunnel-Private-Group-Id = 10,
>>                Reply-Message = "You are in vlan 10"
>>
>> ldap module:
>> groupname_attribute = cn
>> groupmembership_filter =
>> "(&(memberof=cn=vlan10,ou=vlans,dc=test,dc=hu)(samaccountname=%{mschap:user-name}))"
>>
>> ## I know it is bad, but what is the good one?
>>

I would go with that option.

>How can I make a query for this:
>search for the vlan (one group) which has a member whose samaccountname equals "hege"
>

Read an LDAP manual. Something like:

http://docs.sun.com/source/816-6696-10/cmdline.html#14656

Ivan Kalik
Kalik Informatika ISP
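
Added example, not part of the original thread and not FreeRADIUS code: a stand-alone Python sketch of the lookup discussed above, building the search filters with RFC 4515 escaping of the user name and mapping the returned memberOf values to the VLAN reply attributes. The function names, the cn=vlan<ID> naming convention and the sample memberOf values are assumptions made for illustration.

```python
import re

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string before placing it in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username):
    """Filter that finds one account by sAMAccountName."""
    return "(sAMAccountName=%s)" % escape_filter_value(username)


def membership_filter(group_dn, username):
    """Filter that matches only if the account is a member of group_dn."""
    return "(&(memberOf=%s)(sAMAccountName=%s))" % (
        escape_filter_value(group_dn), escape_filter_value(username))


# Assumed convention from the thread: cn=vlan<ID>,ou=vlans,dc=test,dc=hu
VLAN_DN = re.compile(r"^cn=vlan(\d{1,4}),ou=vlans,dc=test,dc=hu$", re.IGNORECASE)


def vlan_reply(member_of):
    """Map a user's memberOf values to RADIUS reply attributes.

    Returns {} when the user is in no VLAN group or in more than one,
    so an ambiguous directory entry never yields a VLAN assignment.
    """
    ids = set()
    for dn in member_of:
        match = VLAN_DN.match(dn.strip())
        if match and 1 <= int(match.group(1)) <= 4094:  # valid 802.1Q range
            ids.add(int(match.group(1)))
    if len(ids) != 1:
        return {}
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": str(ids.pop())}


# Constructed sample: memberOf values as they might be returned for user "hege".
SAMPLE_MEMBER_OF = ["CN=Domain Users,CN=Users,DC=test,DC=hu",
                    "CN=vlan10,OU=vlans,DC=test,DC=hu"]
```
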



