setting user profile depending on realms?

Markus Krause krause at
Wed Jan 17 13:32:38 CET 2007

Hi list!

We have an internal LAN with several VLANs, each corresponding the the  
unix group of the users. This VLAN information is stored in OpenLDAP  
(via radiusprofiledn), and that works :-)
But we want to give our users the possibility to get into a special  
VLAN, in particular one which is called "Internetcafe" (in which the  
can use "special services"). I thought of doing this by adding a realm  
to the username, so the users can either use "username" or  
"username at ic" and gets the appropriate VLAN. To do this i added the  
following line in /etc/raddb/users:

DEFAULT User-Name =~ "@ic$", User-Profile :=  

But this works only if i do not have a radiusprofiledn attribute in  
the users entry in OpenLDAP, otherwise it works.

Is there a way to override the userprofile given back by the  
freeradius if the user adds a "@ic" (or whatever realm) ?
Or is there even a better way to achieve this goal and i am thinking  
in a completly wrong direction?

Thanks in advance for any hints!


Markus Krause                                   email: krause at
Mogli-Soft: Support for Mac OS X, Webmail/Horde, LDAP, RADIUS
by order of the Computing Center of the Max-Planck-Institute of Biochemistry
Tel.: 089 - 89 40 85 99                         Fax.: 089 - 89 40 85 98

      This message was sent using
If you encounter any problems please report to rz-linux at

More information about the Freeradius-Users mailing list