Use update control for VLAN with ntlm_auth
Torsten Wilms
torsten at wilms-ac.de
Wed Oct 14 23:13:07 CEST 2015
Ok. That’s clear now.
But what happened, if you have different Rules?
For example: ntlm_auth, send reply with vlan id 8. For VoIP Devices send reply with vlan id 16 and so on
I think in this case we need to work with perl, because the VoIP Devices are stored in a Database
Or is it wrong?
Thanks a lot
Torsten
On 14/10/15 21:06, "Freeradius-Users on behalf of Scott Armitage" <freeradius-users-bounces+torsten=wilms-ac.de at lists.freeradius.org on behalf of S.P.Armitage at lboro.ac.uk> wrote:
>
>> On 14 Oct 2015, at 17:50, Torsten Wilms <torsten at wilms-ac.de> wrote:
>>
>> Hello @all
>>
>>
>> I use free radius version 3.0.10 and the ntlm_auth for authenticate users via 802.1x over the AD
>> Now i wan’t to setup switches with dynamic VLAN configuration.
>>
>> I tried to use in the authorize section unter default and inner-tunnel
>>
>>
>>
>> How can i use update control if ntlm_auth was successful?
>>
>
>
>This kind of work is done in post-auth. In your inner tunnel add something like:
>
>
>post-auth {
>
> update reply {
> Tunnel-Private-Group-ID := 8
> Tunnel-Type = VLAN
> Tunnel-Medium-Type = IEEE-802
> Session-Timeout = 28800
> Termination-Action = RADIUS-Request
> }
>
>
>
>regards
>
>Scott Armitage
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list