authenticating question

Matt Ashfield mda at unb.ca
Wed Oct 25 15:43:47 CEST 2006


Hi all,

This is probably a bit newbie-ish, but I thought I'd try anyway. We are
trying to authenticate users based on the username/password given AND the
vlan they are authenticating from. Is this possible?

A quick overview of our scenario is as follows:
- Wireless service offering an SSID/VLAN for students and SSID/VLAN for
staff.
- Users connect to an SSID and are in the vlan associated for it. They are
redirected to a portal where they must authenticate using radius - to -ldap
authentication.

We have this working. However, the question came up..what if a student
connects to the Staff  SSID/VLAN. His username/password would still
authenticate correctly and he'd be given access at this point. But if we
could get Radius to check and LDAP field which say which vlan he has access
to, and allow or deny access to the network if the user is not currently in
that vlan, then I guess that would be the ideal solution.

Any suggestions are welcome.

Thanks

Matt
mda at unb.ca 






More information about the Freeradius-Users mailing list