atributing VLANs to roaming users
Matthew Newton
mcn4 at leicester.ac.uk
Thu Apr 5 22:45:40 CEST 2012
Hi,
On Thu, Apr 05, 2012 at 05:09:18PM +0100, Rui Ribeiro wrote:
> I am having some problems with freeradius 2.1.12 and eduroam;
> whilst the local users are authenticated properly and given a
> specific VLAN, I haven´t been able to do the same to roaming
> (proxied) users.
>
> I have tried to place the following unlang code at the end of
> post-proxy, and in another separate test, at the end of
> post-auth, without much success.
> if ( Realm != "myreal" ) {
Assuming Realm is set correctly, you probably want
if ( "%{Realm}" != "myreal" ) {
update reply {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id := 216
}
}
> Any hints of fellow eduroamers?
In our outer (default) post-auth, I do something like (this is simplified
slightly from what we actually run):
update reply {
Tunnel-Type := 13
Tunnel-Medium-Type := 6
}
switch "%{Stripped-User-Realm}" {
# These realms are local users
case 'leicester.ac.uk' {
update reply {
Tunnel-Private-Group-Id := <local eduroam users vlan>
}
}
case 'le.ac.uk' {
update reply {
Tunnel-Private-Group-Id := <local eduroam users vlan>
}
}
# Case for other realm - put on to visitors VLAN
case {
update reply {
Tunnel-Private-Group-Id := <eduroam visitor vlan>
}
}
}
(I set Stripped-User-Realm earlier with unlang.)
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list