<HTML><HEAD>
<META content="text/html; charset=iso-8859-15" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16671"></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Segoe UI">
<DIV>Hi Bob,</DIV>
<DIV> </DIV>
<DIV> I do have this running successfully with eDir. I am guessing you are using the eDir Radius schema extensions? Also, if you are using Cisco equipment, you have to send the vlan name, not the ID. Not sure if other switches require the ID.</DIV>
<DIV> </DIV>
<DIV>
<DIV>Brett Littrell</DIV>
<DIV>Network Manager</DIV>
<DIV>MUSD</DIV>
<DIV>CISSP, CCSP, CCVP, MCNE</DIV><BR><BR>&gt;&gt;&gt; On Thursday, February 10, 2011 at 1:24 AM, in message &lt;AANLkTi=wZUiMZ+65y3-qzvzDpcvdwp8F4Fhht-B+-9+f@mail.gmail.com&gt;, Bob Brandt &lt;bob@brandt.ie&gt; wrote:<BR></DIV>
<TABLE style="MARGIN: 0px 0px 0px 15px; FONT-SIZE: 1em" border=0 bgColor=#f3f3f3>
<TBODY>
<TR>
<TD>
<DIV style="BORDER-LEFT: #050505 1px solid; PADDING-LEFT: 7px">Not sure if there isn't another forum or mailing list for rlm_python specifically, but...<BR><BR>I have been using freeradius for a while now with great results, thanks!<BR><BR>We are using a very simple configuration to authenticate users against LDAP (eDirectory) and that part works great! I am trying to add a component that will return the necessary attributes to allow for dynamic VLANs.<BR><BR>I was able to get this working using the /etc/raddb/users file, however due to the size of the organization, this is very messy. I have started using python to extract this information from another database and return the information.<BR><BR>All my testing seems to indicate it should work, but it is not. I believe the problem is in how rlm_python returns the "Tunnel-Private-Group-Id" attribute.<BR><BR>My users file (which works) looks like this:<BR><BR># Generic LDAP return attributes <BR>DEFAULT Auth-Type == "LDAP" <BR>Class = "Staff", <BR>Service-Type = Login, <BR>Tunnel-Medium-Type = IEEE-802, <BR>Tunnel-Type = VLAN, <BR>Tunnel-Private-Group-ID = 99, <BR>Fall-Through = Yes <BR><BR>brandtb<BR>Reply-Message += "You are a member of the IT Group",<BR>Class := "CACS:0/ebf42/ac8c8e6/administrator",<BR>Tunnel-Private-Group-ID := 150,<BR>Alcatel-Lucent-Asa-Access = "all",<BR>Fall-Through = No<BR><BR>Below are the two snippets of the debugs. 
The first is from the old (working) system which uses the users file and the second is from the new system using the rlm_python module:<BR><BR>Sending Access-Challenge of id 172 to 10.200.113.99 port 18699<BR>Class := 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72<BR>Service-Type = Login-User<BR>Tunnel-Medium-Type:0 = IEEE-802<BR>Tunnel-Type:0 = VLAN<BR>Tunnel-Private-Group-Id:0 := "150"<BR>Reply-Message += "You are a member of the IT Group"<BR>EAP-Message = 0x010200061920<BR>Message-Authenticator = 0x00000000000000000000000000000000<BR>State = 0xc146d1a4c144c80f46bec9bc87d3208b<BR>Finished request 0.<BR><BR>-----<BR><BR>Sending Access-Challenge of id 130 to 10.200.113.99 port 18673<BR>Reply-Message = "You are a member of the IT Group"<BR>Tunnel-Type:0 = VLAN<BR>Class = 0x4f50575374616666<BR>Class = 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72<BR>Tunnel-Medium-Type:0 = IEEE-802<BR>Service-Type = Login-User<BR>Tunnel-Private-Group-Id:0 = "150"<BR>EAP-Message = 0x010200061920<BR>Message-Authenticator = 0x00000000000000000000000000000000<BR>State = 0x8cd4aac48cd6b3a6430ea766ccfa9b91<BR>Finished request 0.<BR><BR>The debug output looks for the most part identical! <BR><BR>Now, initially when using the users file, I had the same problem I am having now, where the wireless access point was getting the attributes but was not putting me in the correct VLAN. The problem turned out that I was passing a string to the "Tunnel-Private-Group-Id" attribute instead of an integer. Once I removed the quotes from the VLAN ID everything was working perfectly.<BR><BR>Thinking that the problem was that within Python I was storing the "Tunnel-Private-Group-Id" attribute as a string, I changed it to an integer, however I immediately got the error:<BR><BR>return tuple must be (str,str)<BR><BR>I don't know how to get around this and I have not been able to find too many examples of how to use the rlm_python module. 
Any help would be greatly appreciated.<BR><BR>Thanks<BR>Bob Brandt<BR><BR><BR><BR clear=all><BR>-- <BR>What's the point of having a rapier wit if I can't use it to stab people? - Jeph Jacques<BR></DIV></TD></TR></TBODY></TABLE></BODY></HTML>