how to do the dynamic VLAN rewrite according to the username orcalling-station-id?
schilling
schilling2006 at gmail.com
Wed Nov 7 01:58:40 CET 2007
On Nov 6, 2007 5:29 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> > Thanks for this info. One more step, is there any place in the freeradius
> > configuration file that we can run a script to check the incoming radius
> > request user-name/calling-station-id agaist a file for example
> > youAreBlocked.txt, and then set the above attributes in the reply to the
> > NAS?
>
> rlm_perl, rlm_python or exec - which coding language would you prefer?
> with any of these you can simply run a script which could check the
> attributes and return the correct reply attributes.
This is what I am looking for. Thanks a lot.
Getting to more specifics. We already have enterprise LDAP service.
Can we just add an attribute to the user entry in the ldap which will
like blocked = yes, then we can have the rlm_perl check the ldap user
entry attribute, if blocked == yes, then assign the restricted VLAN
name in the radius reply. Is this normal thing to do? Or have a
group in ldap for blocked users, if user entry group include the
blocked group, then assign restricted VLAN in the radius reply? I
think either way should work.
Thanks for all the reply.
Regards,
shiling
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list