Dynamic VLAN with AD/LDAP - Best Practice / preferred option?
Ggatten at waddell.com
Tue Apr 27 01:50:55 CEST 2010
I currently have FR v2.1.6 (Yes, I'll upgrade...) running on RHEL5. I'm authenticating VPN users and Ci$co device shell access using SAMBA/ntlm_auth integration. "Everything" is working fine.
My next task is assigning Dynamic VLAN IDs. I have some test accounts/ports working using the "users" file, but I'm ready to take the next step to deploy DVLANs company wide, and want to assign the ID based on an AD/LDAP attribute.
I prefer not to extend the schema and ideally would be able to assign the VLAN ID based on a "Group" attribute - so I don't have to go back and populate some attribute for a couple thousand users.
Anyway, there are numerous posts about this issue / similar issues. I'm wondering if there is a "Best Practice" method or "Preferred" method to accomplish this? A method known to work better than another or works as well as anything but is "easy" to implement, etc. Or, is this one of those things where there are a dozen right answers and I just need to pick one and do it?
Any thoughts appreciated!
More information about the Freeradius-Users