Updating Reply Attributes in authenticate section
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu May 2 00:36:46 CEST 2013
Hi,
> elsif (Ldap-Group == "netCoreClass-finance") {
> update reply {
> Tunnel-Private-Group-Id:1 := 124
> }
> }
> Authentication is against Active Directory. So while a user may get
> assigned to a VLAN based of their group membership, if they fail to
> actually authenticate I want to change what VLAN they are assigned to
> (want to put them into a guest VLAN).
> How can I update reply attributes further down the chain?
else {
update reply {
Tunnel-Private-Group-Id:1 := 666
}
> The reason I am doing this is I have an old Cisco wireless LAN controller
> that can't fall back to MAC 802.1x authentication. Therefore if a user
> fails with their credentials they fail to authenticate all together. So
> when coming from the wireless LAN controller I want always Accept.
what type of system is this? 802.1X ? if so, then you cant just blindly Access-Accept
EAP auths if they've got incorrect user/pass - the WPA/WPA2 enterprise key is derived from
mutual agreement.
if, however, this is just eg PAP with some captive portal thing then that'd work.
alan
More information about the Freeradius-Users
mailing list