"Bill Carr" <bcarr@commsolutions.com> wrote:
My pseudo-code thought process is outlined below (I'm not a coder, would never profess to be; thus my post!):
if NAS-Port-Type == "Wireless - IEEE 802.11"
then
Tunnel-Medium-Type == IEEE-802 Tunnel-Type == VLAN
if Filter-ID =~ "Internet-Restricted"
That won't work. The NAS doesn't send Filter-Id. You've got to configure the server to send the correct response back.
My reading thus far has lead me to test my reply attribute requirements from the "users" file and that works perfectly. If someone could point me in a simple direction on how to strip/rewrite the attributes based on the 'authorization' reply from LDAP, I'd be indebted.
I don't see why that's necessary. Configuring the server to do something, then re-do what it already did as something else, is a bad idea. It's hard to configure, and prone to problems. Instead, configure the server to match on something, and send a reply. It's a lot easier.
I've seen examples of profiles stored on LDAP, but I'm curious how I could choose a different profile based upon the "NAS-Port-Type" received in the Access-Request
You put the NAS-Port-Type into the LDAP query. That's hwy the queries are configurable. Alan DeKok.