assigning vlan based on LDAP attribute
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Wed Sep 27 19:03:17 CEST 2006
>
> My ldap section from radiusd.conf looks like:
> ldap {
> server = "ldapserver.net.org"
> identity = "uid=name,dc=net,dc=org"
> password = password
> basedn = "ou=stuffdc=net,dc=org"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> start_tls = no
> dictionary_mapping = ${raddbdir}/ldap.attrmap
> ldap_connections_number = 5
> password_attribute = userPassword
> groupmembership_attribute = eduPersonPrimaryAffiliation
> timeout = 4
> timelimit = 3
> net_timeout = 1
> }
It seems ok to me...
>
> My users file contains the following at the end:
> DEFAULT Huntgroup-Name == myAP, Ldap-Group == staff
> User-Name=`%{User-Name}`,
> Tunnel-Medium-Type=IEEE-802,
> Tunnel-Private-Group-Id=2,
> Tunnel-Type=VLAN,
> Fall-Through = no
>
> My huntgroups file has:
> myAP NAS-IP-Address == x.x.x.141
>
> In my Debug I noticed that although I have them commented out
> of radiusd.conf, I still see:
> Debug: ldap: groupname_attribute = "cn"
> Debug: ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
Strange...
> You asked:
> * is your AP accepting Tunnel-Private-Group-Id=2 (I've got AP
> which uses other format). How do I check that?
Check in your AP documentation?
But this format is the most commonly used, so I don't think this is the
issue.
Can you send a more complete debug?
Thibault