Post-Auth LDAP with computer names rather than usernames

Matthew Newton mcn at freeradius.org
Fri Oct 19 22:13:38 CEST 2018


On Fri, 2018-10-19 at 20:06 +0000, Kevin Virk wrote:
> I currently have dynamic vlans working with post-auth user
> authentication but my boss would like to do it based off computer
> name. I have searched and become a little confused as to how to proceed.
> In the LDAP conf do I change stripped username to stripped computer
> name or is it more complicated than that?

It's more complicated than that.

What attributes are in the request?

If the computer name is there, you can use it. If it's not there,
then... you can't. Closest approximation might be the MAC address in
Calling-Station-Id, maybe.

The computer name is usually only included in EAP-TLS when you're using
a certificate with the name of the computer in it. Which sounds
unlikely: you'll have one or the other, and you've got the user name
instead.

-- 
Matthew
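
Added example, not part of the original message and not FreeRADIUS code: a small Python check of which device identity a request actually carries, following the order described above (certificate name if present, otherwise the MAC in Calling-Station-Id). The sample debug lines are constructed, the function names are hypothetical, and TLS-Client-Cert-Common-Name is assumed to be the attribute holding the client certificate CN, as in FreeRADIUS 3.

```python
import re

# Constructed sample in the style of `radiusd -X` request output.
SAMPLE_DEBUG = '''\
(0) Received Access-Request Id 12 from 192.0.2.10:49152 to 192.0.2.1:1812 length 210
(0)   User-Name = "kvirk"
(0)   NAS-Port-Type = Ethernet
(0)   Calling-Station-Id = "AA-BB-CC-11-22-33"
(0)   EAP-Message = 0x0201000a016b7669726b
'''

# Matches "(N)   Attribute-Name = value" lines only.
ATTR_LINE = re.compile(r'^\(\d+\)\s+([A-Za-z0-9-]+) = (.*)$')

def parse_request(debug_text):
    """Return {attribute: value} for the attribute lines in debug output."""
    attrs = {}
    for line in debug_text.splitlines():
        m = ATTR_LINE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2).strip().strip('"')
    return attrs

def normalise_mac(value):
    """Canonicalise common MAC spellings; return None if it is not a MAC."""
    compact = re.sub(r'[-:.]', '', value)
    if not re.fullmatch(r'[0-9A-Fa-f]{12}', compact):
        return None
    compact = compact.lower()
    return ':'.join(compact[i:i + 2] for i in range(0, 12, 2))

def device_key(attrs):
    """Pick what a per-device lookup could key on, best option first."""
    cn = attrs.get('TLS-Client-Cert-Common-Name')
    if cn:
        return ('cert-cn', cn)
    mac = normalise_mac(attrs.get('Calling-Station-Id', ''))
    if mac:
        # Reported by the NAS, not proven by the client: an approximation.
        return ('mac', mac)
    return (None, None)

if __name__ == '__main__':
    print(device_key(parse_request(SAMPLE_DEBUG)))
```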


