Setting VLAN based on ldap attribute id
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Jun 20 14:53:32 CEST 2013
On 20 Jun 2013, at 13:25, Thomas Hermarij Maimann Andersen <than at itu.dk> wrote:
> Hi,
>
> I've been reading the mailing list for a few days and tried to see if there are any posts resempling mine. There are a few "almost" but noting that has got me that final step.
>
> Currently i have a radius server authenticating with ntlm to an AD.
> What I wan't now, is to assign a VLAN to the user based on ExtensionAttribute1, which is set to a numeric value which represents the VLAN id. E.g. 1001
>
> I am currently messing with sites-enabled/default in the post-auth section where I try to set Tunnel-Private-Group-Id to the number they have in their attribute, but I have no clue on how to link that.
Use git HEAD:
https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/mods-available/ldap#L55
There's an example of setting the the VLAN in the default configuration.
In post-auth you can add something like
if (reply:Tunnel-Private-Group-ID) {
update reply {
Tunnel-Type := "VLAN"
Tunnel-Medium-Type := "IEEE-802"
}
}
Or in v2 you can use the attrmap file (and the above). Or the above and LDAP xlat.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list