ldap filter depending on NAS
Matthieu Lazaro
matthieu.lazaro at eservglobal.com
Wed Apr 22 12:29:57 CEST 2009
Alan DeKok wrote:
> Your examples are pretty close to "do stuff when I see stuff". It's a
> grammatically correct English sentence, but nearly meaningless.
>
> Alan DeKok.
OK, so I will try to make myself clear.
Here is one policy that I wish to make work.
1- A client connects to an 802.1X-protected VLAN ID 10 (per port basis
configuration on the switch)
--> this client has some of the following LDAP attributes:
uid = bobalice
radiusTunnelPrivateGroupID = 20
radiusTunnelType = VLAN
radiusMediumType = IEEE-802
radiusCallingStationId = 00-21-42-42-87-b1
radiusUserCategory = ADMIN
2- First I want to check the following attributes, and if not correct,
reject the user:
radiusTunnelType = VLAN
radiusMediumType = IEEE-802
radiusCallingStationId = 00-21-42-42-87-b1
radiusUserCategory = ADMIN
3- Then I want to authenticate and authorise the user if login/password
are correct
4- Then move him into the appropriate VLAN ID 20 instead of ID 10 based
on this attribute:
radiusTunnelPrivateGroupID = 20
For now, I have only been able to make RadiusCallingStationId work
using checkval.
Hoping this is much, much more precise and clearer, I really wish to
discover what I am missing.
Best Regards,
Matt
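
Added example, not part of the original message and not FreeRADIUS configuration: a Python model of the four-step policy described above, using the attribute names from the post. The plain password comparison and `stored_password` are hypothetical stand-ins for the server's real authentication method; the reply attributes are the RFC 3580 VLAN-assignment attributes.

```python
import hmac
import re

# Constructed directory entry using the attribute names from the post.
LDAP_ENTRY = {
    "uid": "bobalice",
    "radiusTunnelPrivateGroupID": "20",
    "radiusTunnelType": "VLAN",
    "radiusMediumType": "IEEE-802",
    "radiusCallingStationId": "00-21-42-42-87-b1",
    "radiusUserCategory": "ADMIN",
}
# Step 2 requirements; the MAC is compared separately against the request.
REQUIRED = {"radiusTunnelType": "VLAN", "radiusMediumType": "IEEE-802",
            "radiusUserCategory": "ADMIN"}


def norm_mac(value):
    """Reduce a MAC to 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[-:.]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def decide(entry, calling_station_id, password, stored_password):
    """Return (packet_type, reply_attributes) for one 802.1X request."""
    # Step 2: reject before authentication if any checked attribute is
    # missing or different. A missing attribute must fail closed.
    for name, wanted in REQUIRED.items():
        if entry.get(name) != wanted:
            return "Access-Reject", {}
    # NAS devices format Calling-Station-Id differently, so normalise both.
    seen = norm_mac(calling_station_id)
    if seen is None or seen != norm_mac(entry.get("radiusCallingStationId")):
        return "Access-Reject", {}
    # Step 3: credential check (constant-time compare; stored_password is a
    # hypothetical stand-in for an LDAP bind or EAP method).
    if not hmac.compare_digest(password.encode(), stored_password.encode()):
        return "Access-Reject", {}
    # Step 4: VLAN assignment; refuse to accept with an unusable VLAN ID.
    vlan = entry.get("radiusTunnelPrivateGroupID", "")
    if not re.fullmatch(r"[0-9]{1,4}", vlan) or not 1 <= int(vlan) <= 4094:
        return "Access-Reject", {}
    return "Access-Accept", {"Tunnel-Type": "VLAN",
                             "Tunnel-Medium-Type": "IEEE-802",
                             "Tunnel-Private-Group-Id": vlan}
```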