assigning vlan based on LDAP attribute
Matt Ashfield
mda at unb.ca
Wed Sep 27 18:07:13 CEST 2006
I'm a bit confused on this one.
I want my users vlan'd based on their affiliation (i.e., staff, student). In my
radiusd.conf file, under ldap, I've put:
groupmembership_attribute = eduPersonPrimaryAffiliation
Do I need to do more in my radiusd.conf file than that?
I assume this means assign them to a group based on the value stored in the
LDAP field eduPersonPrimaryAffiliation.
I then added to my users file:
DEFAULT Huntgroup-Name == myAP, Ldap-Group == staff
        User-Name=`%{User-Name}`,
        Tunnel-Medium-Type=IEEE-802,
        Tunnel-Private-Group-Id=2,
        Tunnel-Type=VLAN,
        Fall-Through = no
But this doesn't seem to work. My staff users do not get assigned to vlan 2.
Do I need to make a huntgroup for myAP?
If there's a link to an overview or something, it would be much appreciated.
Any help is appreciated.
Thanks
Matt
mda at unb.ca
-----Original Message-----
From: Thibault Le Meur [mailto:Thibault.LeMeur at supelec.fr]
Sent: July 28, 2006 5:37 PM
To: FreeRadius users mailing list; Thibault Le Meur
Cc: mda at unb.ca; FreeRadius users mailing list
Subject: Re: assigning vlan based on LDAP attribute
> One way to do that is to use LDAP groups. If your users are in
> dedicated LDAP groups, then a rule like the following in your "users"
> file will do the trick:
> DEFAULT Huntgroup-Name == myAP, Ldap-Group == Engineering
> User-Name=`%{User-Name}`,
> radiusTunnelMediumType: IEEE-802
> radiusTunnelType: VLAN
> radiusTunnelPrivateGroupId: 2
> Fall-Through = no
Sorry... my mistake, use the following rule instead:
DEFAULT Huntgroup-Name == myAP, Ldap-Group == Engineering
        User-Name=`%{User-Name}`,
        Tunnel-Medium-Type=IEEE-802,
        Tunnel-Private-Group-Id=2,
        Tunnel-Type=VLAN,
        Fall-Through = no
Thibault
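
When a rule like the ones above does not seem to take effect, one check is to decode the Access-Accept the server actually sends and confirm that Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id all arrive together. The Python below is an added example, not code from this thread or from FreeRADIUS; the sample packet is constructed, and the attribute numbers and values are the ones assigned in RFC 2868 and RFC 3580.

```python
import struct

# Attribute numbers from RFC 2868; VLAN and IEEE-802 values from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802, ACCESS_ACCEPT = 13, 6, 2

def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def build_accept(attrs):
    """Build a constructed Access-Accept (zeroed authenticator) for testing."""
    body = b"".join(attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

def parse_attrs(packet):
    """Return [(type, value)] for the attributes after the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    out, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        out.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return out

def vlan_from_accept(packet):
    """Return the VLAN id if this is an Access-Accept with the full triplet, else None."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return None
    found = {}
    for atype, value in parse_attrs(packet):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[atype] = int.from_bytes(value[1:], "big")  # first octet is the tag
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            if value[0] <= 0x1F:  # optional leading tag octet
                value = value[1:]
            found[atype] = value.decode("ascii", "replace")
    if found.get(TUNNEL_TYPE) == VLAN and found.get(TUNNEL_MEDIUM_TYPE) == IEEE_802:
        return found.get(TUNNEL_PRIVATE_GROUP_ID)
    return None

# Constructed sample: the reply a matching "staff" rule should produce.
GOOD = build_accept([attr(1, b"staffuser"), attr(65, b"\x00\x00\x00\x06"),
                     attr(81, b"2"), attr(64, b"\x00\x00\x00\x0d")])
print(vlan_from_accept(GOOD))
```

A None result for a user who should match means the DEFAULT entry's check items (Huntgroup-Name, Ldap-Group) did not match, so the reply items were never added.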