freeradius vlan assignment with two ldap groups

Zenon Matuszyk zenon.matuszyk at networkers.pl
Fri Sep 15 15:54:58 CEST 2017


I have two groups: if the user is in one of the groups, he connects to 
VLAN 200; if he is in the other, to VLAN 216. If the user uses a 
different domain, then he is also logged into VLAN 216, as in the case 
of eduroam, but we have it in several buildings and everyone has his 
RADIUS. Below is my users file.



I do not know if I am explaining it well.


DEFAULT Realm == Null
         Auth-Type := Reject
DEFAULT Realm == NULL, Client-IP-Address == 149.XXX.XXX.XXX
         Auth-Type := Reject
DEFAULT Realm == NULL, Client-IP-Address == 149.XXX.XXX.XXX
         Auth-Type := Reject

DEFAULT LDAP-Group := "cn=my_wifi,cn=Users,cn=company,cn=network,cn=local"
         Tunnel-Type = VLAN,
         Tunnel-Medium-Type = IEEE-802,
         Tunnel-Private-Group-Id := "200",
         Reply-Message="YYYY HIT: my_wifi"

DEFAULT LDAP-Group := "cn=eguest,cn=Users,cn=company,cn=network,cn=local"
         Tunnel-Type = VLAN,
         Tunnel-Medium-Type = IEEE-802,
         Tunnel-Private-Group-Id := "216",
         Reply-Message="XXXX HIT: guest"


DEFAULT FreeRadius-Proxied-To == 127.0.0.1, Proxy-to-Realm := LOCAL
         Fall-Through = Yes,
         Tunnel-Private-Group-Id := 216,
         Tunnel-Medium-Type = IEEE-802,
         Tunnel-Type = VLAN

DEFAULT Realm == "pl", Client-IP-Address == 149.XXX.XXX.XXX
         Auth-Type := Reject

DEFAULT Realm == "pl", Client-IP-Address == 149.XXX.XXX.XXX
         Auth-Type := Reject


On 15.09.2017 at 14:43, Alan DeKok wrote:
> On Sep 15, 2017, at 8:28 AM, Zenon Matuszyk <zenon.matuszyk at networkers.pl> wrote:
>> I probably resolved this problem with the warning, but the user logs in and is thrown into VLAN 200 and I can't see where the problem is.
>    Again... READING the debug output is useful.  You seem to be giving up without reading it.  That's a bad approach.
>
>    You said you had issues with multiple entries in the "users" file.  So... look at how it processes the "users" file.  This shouldn't be difficult.
>
>> ++[eap] = updated
>> [files] users: Matched entry DEFAULT at line 12
>    What is that entry?  What did you change in the "users" file?
>
>    I'll also note that you say you have problems with multiple entries in the "users" file... but you don't say what you did.  This means your messages are pretty much:
>
> 	Hi, I did things and it doesn't work.  How do I fix it?
>
>    Such messages are unhelpful.  If you can't describe what you did, we can't help you.
>
>    Alan DeKok.

-- 
Yours sincerely
Zenon Matuszyk
mobile: 00 48 797 004 938
e-mail: zenon.matuszyk at networkers.pl
www: http://www.networkers.pl
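
Added example, not part of the original message or of the FreeRADIUS project: a simplified Python model of how the "files" module walks entries shaped like the two LDAP-Group entries in the posted users file. Per the users(5) man page, ":=" as a check item always matches while "==" compares; the entry labels, function names and the sample user are constructed for illustration.

```python
# Simplified model of users-file matching (operator semantics from users(5)).
# Entry labels, function names and the sample group sets are constructed.
MY_WIFI = "cn=my_wifi,cn=Users,cn=company,cn=network,cn=local"
EGUEST = "cn=eguest,cn=Users,cn=company,cn=network,cn=local"

def matches(check, request, groups):
    """True when every check item on an entry's first line passes."""
    for attr, op, value in check:
        if op == ":=":            # as a check item, := sets a value and always matches
            continue
        if op != "==":
            raise ValueError(f"operator {op!r} is not modelled")
        if attr == "LDAP-Group":  # virtual attribute: tested against group membership
            if value not in groups:
                return False
        elif request.get(attr) != value:
            return False
    return True

def assign(entries, request, groups):
    """Walk entries top to bottom; stop at the first match without Fall-Through."""
    reply, hits = {}, []
    for label, check, items in entries:
        if not matches(check, request, groups):
            continue
        hits.append(label)
        for attr, op, value in items:
            if attr == "Fall-Through":
                continue
            if op == ":=" or attr not in reply:  # "=" adds only when absent
                reply[attr] = value
        if ("Fall-Through", "=", "Yes") not in items:
            break
    return reply, hits

def group_entries(op):
    """The two LDAP-Group entries from the posted file, check operator as a parameter."""
    return [
        ("my_wifi", [("LDAP-Group", op, MY_WIFI)], [("Tunnel-Private-Group-Id", ":=", "200")]),
        ("eguest", [("LDAP-Group", op, EGUEST)], [("Tunnel-Private-Group-Id", ":=", "216")]),
    ]

def vlan_for(op, groups):
    reply, hits = assign(group_entries(op), {"User-Name": "guest1"}, groups)
    return reply.get("Tunnel-Private-Group-Id"), hits

if __name__ == "__main__":
    for op in (":=", "=="):
        print(op, vlan_for(op, {EGUEST}))
```

In this model a user who is only in the eguest group lands in VLAN 200 when the check operator is ":=", and in VLAN 216 when it is "==".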


