Assign Vlan based on Inner Identity
Phil Mayers
p.mayers at imperial.ac.uk
Thu May 3 21:49:24 CEST 2007
Matt Ashfield wrote:
> Hi All
> I doubt my original post was doable, it probably doesn't make sense to ask
> FR to be able to force Inner=Outer identity.
>
> In that case, would it be possible to perform authorization based on the
> Inner identity instead of the Outer identity?

Sure. See the "copy_request_to_tunnel" (which you may need) and
"use_tunneled_reply" (which you will need) config options on the
particular EAP type you're using, and put something like this into play:

    DEFAULT Freeradius-Proxied-To == 127.0.0.1, Autz-Type = "INNER"

...then in authorize:

    authorize {
        preprocess
        files
        Autz-Type INNER {
            # sql/ldap/files_2/whatever adds the vlan tag
        }
    }
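
The pieces named in the reply, put together as an added example (not part of the original post or of FreeRADIUS's shipped configuration). The VLAN is chosen from the User-Name authenticated inside the tunnel rather than from the outer identity, which the client sets freely. Assumptions: PEAP is the EAP type in use, files_2 is a second instance of the files module, and the file name users.inner, the user alice and VLAN IDs 20 and 99 are constructed.

```conf
# eap.conf, inside eap { ... }: options on the EAP type in use
# (PEAP assumed; ttls { } takes the same two options)
peap {
    default_eap_type = mschapv2
    # copy attributes of the outer request into the tunnelled request
    copy_request_to_tunnel = yes
    # send the tunnelled request's reply attributes in the final Access-Accept
    use_tunneled_reply = yes
}

# radiusd.conf, inside modules { ... }: second files instance (assumed name files_2)
files files_2 {
    usersfile = ${confdir}/users.inner    # hypothetical file name
}

# users (read by the default "files" instance): mark tunnelled requests,
# exactly as in the post
DEFAULT Freeradius-Proxied-To == 127.0.0.1, Autz-Type = "INNER"

# radiusd.conf: other authorize modules omitted, as in the post
authorize {
    preprocess
    files
    Autz-Type INNER {
        files_2
    }
}

# users.inner (constructed entries): VLAN keyed on the inner User-Name
alice
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = "20"

# everyone else lands in a constructed fallback VLAN
DEFAULT
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = "99"
```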