LDAP check attributes
Antonio Matera
antonio.matera at create-net.it
Wed May 17 11:51:42 CEST 2006
> My LDAP base contains an SSID attribute for each user, because my NAS
> sends a vendor-specific attribute containing the SSID the user wants to
> connect to. At each authentication request, the authorize module
> (radiusd.conf) calls LDAP (with the filter) to compare the `uid' and
> `SSID'. If the SSID sent by the NAS corresponds to the SSID stored in
> LDAP, freeradius sends ‘accept’; if not, it sends a ‘reject’.
>
> But you want the Cisco switch to redirect the user to
> such or such SSID according to the SSIDs corresponding to the attributes
> Tunnel-Medium-Type, Tunnel-Private-Group-Id, Tunnel-Type?
My solution is similar to yours, but I don't have SSID attributes for each
user. I use the replyItem to redirect the user connection to the
correct VLAN. But if the replyItem works, why can't I check one
attribute with the checkItem? What is wrong in my configuration?
For example, if I use users file authentication without LDAP, with
these users:

test2   Cisco-AVPair == "ssid=VLAN2", User-Password == "passwd2"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 2,
        Tunnel-Type = VLAN

test3   User-Password == "passwd3"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 3,
        Tunnel-Type = VLAN

test2 can connect to vlan2 only with ssid=VLAN2.
test3 can connect to vlan3 with any ssid.
This configuration works, and I want the same using only the ldap module
without the users file.
I hope that my explanation is clear.
Bye Antonio
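
The check-item versus reply-item behaviour described in the message above, as an added example that is not part of the original post and not FreeRADIUS code. It is a simplified model: the `authorize` function, the request dictionaries and the plain-text password comparison are assumptions made for illustration, and a multi-valued attribute is assumed to match if any of its values equals the check value.

```python
import re

# Constructed copy of the two entries from the post, in users-file layout:
# first line = user name + check items, indented lines = reply items.
USERS = '''\
test2   Cisco-AVPair == "ssid=VLAN2", User-Password == "passwd2"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 2,
        Tunnel-Type = VLAN

test3   User-Password == "passwd3"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 3,
        Tunnel-Type = VLAN
'''

# attribute, operator, value (quoted string or bare word up to comma/space)
ITEM = re.compile(r'([\w-]+)\s*(==|:=|=)\s*("[^"]*"|[^,\s]+)')

def parse_items(text):
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(text)]

def parse_users(text):
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0] in ' \t':                 # indented: reply items
            if current is not None:
                current['reply'] += parse_items(line)
        else:                                # new entry: name + check items
            name, _, rest = line.partition(' ')
            current = {'name': name, 'check': parse_items(rest), 'reply': []}
            entries.append(current)
    return entries

def authorize(entries, request):
    """request maps attribute name -> list of values (hypothetical format)."""
    user = request.get('User-Name', [None])[0]
    for e in entries:
        if e['name'] != user:
            continue
        # Every '==' check item must be present in the request with that value.
        if all(v in request.get(a, []) for a, op, v in e['check'] if op == '=='):
            return 'accept', {a: v for a, _, v in e['reply']}
    return 'reject', {}
```
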