groupmembership and vlan assignment

Matt Ashfield mda at unb.ca
Mon Jul 28 18:31:26 CEST 2008


Nobody replied to my original post, and I got to thinking, would I be able
to use wildcards in my users file to achieve this when looking for which
Ldap-Group the user has been placed in?

i.e.

DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Huntgroup-Name == UNBFWSS, unbldap-Ldap-Group =~ ".*staff1", Autz-Type := Ldap1, Auth-Type := Ldap1

Where unbldap-Ldap-Group gets set via

groupmembership_attribute = eduPersonPrimaryAffiliation

and eduPersonEntitlement: urn:mace:uni.ca:wireless?vlan=staff1 in LDAP

Thanks

Matt Ashfield
mda at unb.ca

From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
[mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org] On Behalf
Of Matt Ashfield
Sent: Wednesday, July 23, 2008 10:29 AM
To: 'FreeRadius users mailing list'
Subject: groupmembership and vlan assignment

Hello

We have been using the groupmembership attribute in radius.conf to assign
users to the appropriate vlans. Up until now we've done it based on the type
of LDAP user they are (i.e., staff, student, faculty, etc.):

groupmembership_attribute = eduPersonPrimaryAffiliation, (where
eduPersonPrimaryAffiliation=staff, student, faculty, etc.)

Unfortunately, our student vlans have grown significantly large and we want
to take measures to make them smaller. We have looked into using LDAP
entitlement fields. There are however a few issues here:

- The eduPersonEntitlement attribute is not unique. A user record
  can have multiple instances of this attribute for each different entitlement
  they have.

- The eduPersonEntitlement attribute has a value that is not simply
  the name of a vlan. It is typically something like:

  eduPersonEntitlement: urn:mace:uni.ca:wireless?vlan=student1

  So I'd need to parse the value as well to pull out the vlan name, in this
  case "student1".

I'm unsure how to get around these two issues. Any suggestions are welcome.

Thanks

Matt
mda at unb.ca
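
Added example, not part of the original posts: a Python illustration of the two issues raised above (a multi-valued eduPersonEntitlement and a VLAN name embedded in the URN value). It contrasts an unanchored pattern like the `.*staff1` in the users-file entry with an anchored parse that fails closed. The VLAN allow-list, the character class for VLAN names and the sample records are assumptions constructed for illustration.

```python
import re

# Anchored form of the entitlement value quoted in the post. The character
# class for VLAN names and the allow-list are assumptions of this example.
ENTITLEMENT_RE = re.compile(r"urn:mace:uni\.ca:wireless\?vlan=([A-Za-z0-9_-]+)")
ALLOWED_VLANS = frozenset({"staff1", "student1", "student2"})

# The unanchored pattern from the users-file entry in the post.
LOOSE_RE = re.compile(r".*staff1")


def loose_match(values):
    """True if any attribute value contains the substring the loose regex accepts."""
    return any(LOOSE_RE.search(v) for v in values)


def vlan_from_entitlements(values):
    """Return the one allowed VLAN named by a wireless entitlement, else None.

    Fails closed (None) when there is no wireless entitlement, when the VLAN
    is not on the allow-list, or when two entitlements name different VLANs.
    """
    vlans = set()
    for value in values:
        m = ENTITLEMENT_RE.fullmatch(value.strip())
        if m:
            vlans.add(m.group(1))
    if len(vlans) != 1:
        return None
    vlan = vlans.pop()
    return vlan if vlan in ALLOWED_VLANS else None


# Constructed sample records (multi-valued attribute, as described in the post).
STUDENT = ["urn:mace:uni.ca:library?access=full",
           "urn:mace:uni.ca:wireless?vlan=student1"]
LOOKALIKE = ["urn:mace:uni.ca:printing?queue=staff1"]
CONFLICT = ["urn:mace:uni.ca:wireless?vlan=student1",
            "urn:mace:uni.ca:wireless?vlan=staff1"]

if __name__ == "__main__":
    for name, rec in [("student", STUDENT), ("lookalike", LOOKALIKE),
                      ("conflict", CONFLICT)]:
        print(name, "loose:", loose_match(rec),
              "strict:", vlan_from_entitlements(rec))
```

The lookalike record shows why the match should be anchored to the wireless URN: a substring match on `staff1` also accepts an entitlement issued for an unrelated service.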

 
