fr group howto
hegedus.gabor at euroway.hu
Wed Dec 10 11:15:50 CET 2008
Hegedus Gabor wrote:
> Hi all!
> I have 802.1x authentication, which works.
> I want use dynamic vlan assignment:
> The radius authenticate the user (use ntlm_auth)
> and after this, it use ldap to get user indormation form database
> (username=samaccount name).
> ldap.attrmap changes the attributes and send to the switch, it is okay.
> It is not so confortable, I wanna try something else:
> 1. I create groups: vlan21, vlan333, and so on. expand the vlan schema
> with 3 attrib (you know VLAN, IEEE-802, and VLANID). I put users and
> computers to the groups.
> How can I get users vlan info, I can't create ldap query, cos :
> - i have samaccount name what is not the cn, and the "member", "member
> of" attribs are contains cn.
> i don't know how can i do a good query, the good attrib is in vlanXY
> - get vlan? ok but i have just samaccount name, no cn
> - get user? ok but the good attribs is in the vlan group
> 2. I don't expand the vlanXY schema, I get user info(by samaccname)
> contains "member of" attr, and in the freeradius user file I create
> group. If group in the users file equals "member of" attrib send back
> the vlan info to the switch:
> (i know it is not good yet)
> DEFAULT Ldap-Group == "cn=vlan10,ou=vlans,dc=test,dc=hu"
> Tunnel-Type = VLAN,
> Tunnel-Medium-Type = IEEE-802,
> Tunnel-Private-Group-Id = 10,
> Reply-Message = "You are in vlan 10"
> ldap modul:
> groupname_attribute = cn
> groupmembership_filter =
> ## i know it is bad, but what is the good
> do you understand what i want?
> I test both prospect, pls help
> Thx Gabor
> List info/subscribe/unsubscribe? See
(login name = samaccountname = hege)
how can i make query for this:
search for vlan(one group) which member's samaccountname equals "hege"
member: CN=hegedus gab,CN=Users,DC=test,DC=hu
dn: CN=hegedus gab,CN=Users,DC=test,DC=hu
cn: hegedus gab
distinguishedName: CN=hegedus gab,CN=Users,DC=test,DC=hu
displayName: hegedus gab
name: hegedus gab
userPrincipalName: hege at test.hu
More information about the Freeradius-Users