ldap filter depending on NAS

Alan DeKok aland at deployingradius.com
Wed Apr 22 11:57:27 CEST 2009


Matthieu Lazaro wrote:
> Yet, I have not been able to:
> - Tell the NAS to change the VLAN depending on LDAP account info,
> - Tell the NAS to change the SSID + VLAN depending on user LDAP account
> - Filter MAC + MEDIUM TYPE + PORT Number depending on LDAP account info

  Perhaps part of the problem is that your requirements are vague to the
point of being unhelpful.

> Also, the reply messages like "call your helpdesk" don't work.

  Who's told you that?

> And honestly, I don't know where to start.

  Start by defining your policies in a DETAILED manner:

- when I see a packet containing User-Name "foo"
- look up THIS in THAT database using SOME information
- return these attributes to the NAS: (Foo = Bar, Other = whatever)

  If you don't have a clear definition of what you want to do and when
you want to do it, you will be unable to get *anything* done.

  e.g. "Tell the NAS to change the VLAN depending on LDAP account info,"

  WHAT "ldap account info"?  Figure that out.  Figure out what
information you need to query that data in LDAP.  Figure out what you
are going to do with the results.  And then find out how to assign VLANs.

  And you can't tell the NAS to change SSID's.  It's impossible.

  What does this mean?

 "Filter MAC + MEDIUM TYPE + PORT Number depending on LDAP account info"

   What is "Filter mac"?  Allow?  Disallow?  Do... what?

  Your examples are pretty close to "do stuff when I see stuff".  It's a
grammatically correct English sentence, but nearly meaningless.

  Alan DeKok.
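
An added example (not part of the original message, and not FreeRADIUS configuration): a Python model of one policy written out at the level of detail the reply asks for, with "when", "look up" and "return" each made explicit. The directory contents, the `vlanId` and `allowedNas` attribute names and the NAS addresses are constructed assumptions; the three tunnel attributes are the standard RFC 3580 VLAN assignment attributes.

```python
# Added illustration. Directory records, the attribute names "vlanId" and
# "allowedNas", and the NAS addresses are constructed, not from the thread.
TUNNEL_TYPE_VLAN = 13        # RFC 3580: Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6   # RFC 3580: Tunnel-Medium-Type = IEEE-802

# Stand-in for the LDAP directory: which entry, which attributes.
DIRECTORY = {
    "alice": {"vlanId": "20", "allowedNas": {"192.0.2.10", "192.0.2.11"}},
    "bob":   {"vlanId": "30", "allowedNas": {"192.0.2.10"}},
    "carol": {"allowedNas": {"192.0.2.10"}},   # no VLAN provisioned
}

def reject(message):
    """Build an Access-Reject carrying a Reply-Message for the user."""
    return {"code": "Access-Reject", "Reply-Message": message}

def decide(request, directory=DIRECTORY):
    """Authorization policy, stated step by step:
    1. WHEN: a request carries User-Name and NAS-IP-Address.
    2. LOOK UP: the entry keyed by User-Name; read vlanId and allowedNas.
    3. RETURN: the VLAN attributes, or a reject with a Reply-Message.
    Authentication itself is out of scope here."""
    user = request.get("User-Name")
    nas = request.get("NAS-IP-Address")
    if not user or not nas:
        return reject("Malformed request")
    entry = directory.get(user)
    if entry is None:
        return reject("Unknown user, call your helpdesk")
    # "Depending on NAS" made explicit: allow only from listed NASes.
    if nas not in entry.get("allowedNas", set()):
        return reject("Not permitted on this access point, call your helpdesk")
    vlan = entry.get("vlanId")
    if vlan is None:
        # Fail closed rather than dropping the user into a default VLAN.
        return reject("No VLAN assigned, call your helpdesk")
    return {
        "code": "Access-Accept",
        "Tunnel-Type": TUNNEL_TYPE_VLAN,
        "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
        "Tunnel-Private-Group-Id": vlan,   # VLAN ID is sent as a string
    }
```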



