Hi Buxey here is my policy for the SW 192.168.1.1 devicemanager_check { if (Ldap-Group == "DeviceManager") { update { &control:User-Profile ="cn=DeviceManager,ou=Admin,ou=Group,dc=gd,dc=quantum-info,dc=com" } } elsif (Ldap-Group == "Device_Write") { update reply { &control:User-Profile ="cn=Device_Write,ou=Admin,ou=Group,dc=gd,dc=quantum-info,dc=com" } updated } elsif (Ldap-Group == "Device_Review") { update { &control:User-Profile ="cn=Device_Review,ou=Admin,ou=Group,dc=gd,dc=quantum-info,dc=com" } updated } else { update reply { &Reply-Message += "%{User-Name},you are not authorized to access , please confirm that you have the permission..." } reject } } you can see that , when SW sent radius request , it always applied to this Policy check and reject if the user is not the member of the speacific group. what i mean to proivde DAC and NAC to one host is how to make freeradius server to applied to two different policys base on what request type it receive. On 03/21/2016 05:57 PM, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
what am i suppose to do if i am want to enable switch port dot1x (network access control)on this swtich with the same radius server, read the manual/doc for your switch to ensure that you configure the 802.1X environment on the switch and set relevant required port configuration correctly.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html