In the users file do this:<br><br>DEFAULT Ldap-Group == "cn=InsideGroup,o=Base"<br> Reply-Message = "Your a member of the Inside Group",<br> Tunnel-Medium-Type = IEEE-802,<br> Tunnel-Type = VLAN,<br>
Tunnel-Private-Group-ID = 11,<br> Fall-Through = No<br><br>DEFAULT Auth-Type == "LDAP"<br> Reply-Message = "You did not match a LDAP Group",<br> Tunnel-Medium-Type = IEEE-802,<br>
Tunnel-Type = VLAN,<br> Tunnel-Private-Group-ID = 99<br><br>All members of the InsideGroup will get the first group of attributes and FreeRADIUS will stop looking.<br>Everyone else who authenticated through LDAP will get the second group of attributes.<br>
<br>Bob<br><br><div class="gmail_quote">On Thu, Mar 18, 2010 at 8:59 AM, omega bk <span dir="ltr">&lt;<a href="mailto:omegabk@gmail.com">omegabk@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi,<br><br><span><span>Assume
that the switch does not support "auth-fail" and has 2 VLANs (VLAN inside and VLAN outside). Is it possible in the
users file to put a condition like:<br><br>if (user belong to Ldap-group=inside)<br> assign to vlan = inside<br>else <br> assign to vlan = outside<br><br>Is that possible?<br><br><br>Thanks<br><br> <br><br></span></span>
</blockquote></div><br><br clear="all"><br>-- <br>The problem with socialism is that you eventually run out of other people's money. - Margaret Thatcher<br>
<br>
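The matching behaviour described in the reply above, as an added Python example that is not part of the original message or of FreeRADIUS: a simplified model of the users file in which entries are tried in order and processing stops at the first match unless Fall-Through = Yes. The function names and the representation of a request as sets of satisfied values are assumptions made for illustration.

```python
import re

# The two entries from the message above, copied as sample input.
USERS = '''
DEFAULT Ldap-Group == "cn=InsideGroup,o=Base"
    Reply-Message = "Your a member of the Inside Group",
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Type = VLAN,
    Tunnel-Private-Group-ID = 11,
    Fall-Through = No

DEFAULT Auth-Type == "LDAP"
    Reply-Message = "You did not match a LDAP Group",
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Type = VLAN,
    Tunnel-Private-Group-ID = 99
'''
ITEM = re.compile(r'([\w-]+)\s*(?:==|=)\s*(?:"([^"]*)"|([^\s,"]+))')

def parse(text):
    """Return [(check_items, reply_items)], one pair per DEFAULT entry, in file order."""
    entries = []
    for line in text.splitlines():
        pairs = [(a, q or b) for a, q, b in ITEM.findall(line)]
        if line.startswith("DEFAULT"):
            entries.append((pairs, []))      # check items sit on the DEFAULT line
        elif entries:
            entries[-1][1].extend(pairs)     # indented lines are reply items
    return entries

def authorize(entries, request):
    """request: attribute -> set of values that satisfy '==' (assumed model, no LDAP query)."""
    reply = {}
    for checks, items in entries:
        if not all(v in request.get(a, ()) for a, v in checks):
            continue
        fall_through = "No"                  # a match ends processing by default
        for attr, value in items:
            if attr == "Fall-Through":
                fall_through = value
            else:
                reply.setdefault(attr, value)  # '=' adds only if not already in the reply
        if fall_through.lower() != "yes":
            break
    return reply

def vlan_for(request, text=USERS):
    """VLAN ID the reply would carry, or None when no entry matched."""
    return authorize(parse(text), request).get("Tunnel-Private-Group-ID")
```

A request that matches neither entry (for example one whose Auth-Type is not LDAP) gets no tunnel attributes at all, and swapping the two entries sends InsideGroup members to VLAN 99.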