problems with dynamic vlan assignment

Eric Doutreleau Eric.Doutreleau at it-sudparis.eu
Thu Sep 16 16:26:47 CEST 2010



On 16/09/2010 15:34, Phil Mayers wrote:
> On 16/09/10 10:16, Eric Doutreleau wrote:
>> Thanks for your reply.
>>
>> Here is what I did.
>>
>> In the ldap.attrmap I put
>> checkItem User-Category eduPersonPrimaryAffiliation
>
> checkItem means "put the attribute into the check/config items list".
>
> Looking at the source code, I see that rlm_ldap can't update the request
> item list.
>
>>
>> In the user file I did
>> DEFAULT
>>         Tunnel-Type := VLAN,
>>         Tunnel-Medium-Type := IEEE-802,
>>         Tunnel-Private-Group-Id = 901,
>>         Fall-Through = Yes
>>
>> DEFAULT User-Category == "student"
>>         Reply-Message = "Your a member of the student Group",
>>         Tunnel-Private-Group-Id = 902
>
> This means "match User-Category in the request items list", which is not
> the list you've put it in.
>
> "files" syntax cannot do comparisons against check/config or reply
> items, and LDAP can only put items into check/config or reply. You will
> therefore have to use an "unlang" syntax as per my previous email:
>
> authorize {
>     ...
>     ldap
>     if (control:User-Category == ...) {
>         ...
>     }
> }

Thanks Phil, that's what I will do.
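
The approach described in this thread, written out as an added example (not code from either poster or from the FreeRADIUS project). It assumes the VLAN IDs 901/902 and the "student" value from the users file quoted above, and that User-Category is defined in the local dictionary and filled in by the ldap.attrmap checkItem line.

```unlang
authorize {
    # rlm_ldap runs first. Because ldap.attrmap maps the attribute as a
    # checkItem, User-Category lands in the control (check/config) list,
    # not in the request list that the "files" module compares against.
    ldap

    # Default VLAN for every user (replaces the first DEFAULT entry).
    update reply {
        Tunnel-Type := VLAN
        Tunnel-Medium-Type := IEEE-802
        Tunnel-Private-Group-Id := "901"
    }

    # unlang can name the list explicitly, so the comparison reads the
    # value LDAP placed in control.
    if (control:User-Category == "student") {
        update reply {
            Reply-Message := "You are a member of the student group"
            # := overwrites the default 901 rather than adding a second value
            Tunnel-Private-Group-Id := "902"
        }
    }
}
```

If the LDAP entry has no eduPersonPrimaryAffiliation, the condition is false and the user stays in the default VLAN, so the default should be the least-privileged network.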


