ldap filter depending on NAS
tnt at kalik.net
Wed Apr 22 13:43:26 CEST 2009
> Here is one policy that I wish to make work.
>
> 1- a client connects to a 802.1x protected VLAN ID 10 ( per port basis
> configuration on the switch)
> --> this client has some of the following LDAP attributes:
> uid = bobalice
> radiusTunnelPrivateGroupID = 20
> radiusTunnelType = VLAN
> radiusMediumType = IEEE-802
> radiusCallingStationId = 00-21-42-42-87-b1
> radiusUserCategory = ADMIN
> 2- First I want to check the following attributes, and if not correct,
> reject the user:
> radiusTunnelType = VLAN
> radiusMediumType = IEEE-802
Are those two attributes in the access request? If they are, map them as
check items in ldap.attrmap.
> radiusCallingStationId = 00-21-42-42-87-b1
This is already in ldap.attrmap.
> radiusUserCategory = ADMIN
Where is that supposed to come from?
> 3- Then I want to authenticate and authorise the user if login/password
> are correct
Fine. Nothing to do.
> 4 - Then Move him into the appropriate VLAN ID 20 instead of ID10 based
> on this attribute:
> radiusTunnelPrivateGroupID = 20
Map that as reply item in ldap.attrmap. You will need tunnel and medium
type in the reply as well. So add them too.
Ivan Kalik
Kalik Informatika ISP
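The mapping Ivan describes, as an added illustration that is not part of the thread and not FreeRADIUS code: a small Python model of what checkItem and replyItem lines in ldap.attrmap do during authorize. The ldap.attrmap fragment, the LDAP entry and the Access-Request are constructed for this example; the LDAP attribute names are the ones from the original post, the RADIUS attribute names (Calling-Station-Id, Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id) are the standard dictionary names, and the exact-string comparison and the "no LDAP value means nothing to enforce" rule are simplifying assumptions of the model, not a statement of the server's full semantics.

```python
"""Added illustration (not FreeRADIUS code): how checkItem and replyItem lines in
ldap.attrmap drive the per-user decision discussed in the thread."""

# Constructed ldap.attrmap fragment.
# Line format: <checkItem|replyItem> <RADIUS-attribute> <LDAP-attribute>
ATTRMAP = """\
# check items: compared against the Access-Request; a mismatch rejects the user
checkItem   Calling-Station-Id       radiusCallingStationId
checkItem   Tunnel-Type              radiusTunnelType
checkItem   Tunnel-Medium-Type       radiusMediumType
# reply items: copied from the LDAP entry into the Access-Accept
replyItem   Tunnel-Type              radiusTunnelType
replyItem   Tunnel-Medium-Type       radiusMediumType
replyItem   Tunnel-Private-Group-Id  radiusTunnelPrivateGroupID
"""

# Constructed LDAP entry, using the attribute names from the original post.
LDAP_ENTRY = {
    "uid": "bobalice",
    "radiusTunnelPrivateGroupID": "20",
    "radiusTunnelType": "VLAN",
    "radiusMediumType": "IEEE-802",
    "radiusCallingStationId": "00-21-42-42-87-b1",
    "radiusUserCategory": "ADMIN",   # not mapped in attrmap, so never consulted
}


def parse_attrmap(text):
    """Return (check_items, reply_items), each a list of (radius_attr, ldap_attr)."""
    check, reply = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        kind, radius_attr, ldap_attr = line.split()
        if kind == "checkItem":
            check.append((radius_attr, ldap_attr))
        elif kind == "replyItem":
            reply.append((radius_attr, ldap_attr))
        else:
            raise ValueError(f"unknown item type {kind!r} in attrmap")
    return check, reply


def authorize(request, entry, check, reply):
    """Simplified authorize step (model assumption: exact string compare).

    Every mapped check item for which the LDAP entry carries a value must
    match the Access-Request, otherwise the user is rejected. On success the
    mapped reply items are collected for the Access-Accept.
    Returns (accepted, reply_attributes, reason).
    """
    for radius_attr, ldap_attr in check:
        if ldap_attr not in entry:
            continue                      # no value in LDAP: nothing to enforce
        expected = entry[ldap_attr]
        actual = request.get(radius_attr)  # None if the NAS did not send it
        if actual != expected:
            return False, {}, (f"{radius_attr}: request has {actual!r}, "
                               f"LDAP requires {expected!r}")
    reply_attrs = {ra: entry[la] for ra, la in reply if la in entry}
    return True, reply_attrs, "accept"


def decide(request, entry=LDAP_ENTRY, attrmap=ATTRMAP):
    """Parse the attrmap and run the model against one request/entry pair."""
    check, reply = parse_attrmap(attrmap)
    return authorize(request, entry, check, reply)


if __name__ == "__main__":
    # Constructed Access-Request, as a switch on the 802.1X port might send it.
    good = {"User-Name": "bobalice",
            "Calling-Station-Id": "00-21-42-42-87-b1",
            "Tunnel-Type": "VLAN",
            "Tunnel-Medium-Type": "IEEE-802"}
    print(decide(good))   # accepted, with the VLAN 20 reply items
    wrong_mac = dict(good, **{"Calling-Station-Id": "00-21-42-42-87-b2"})
    print(decide(wrong_mac))   # rejected by the Calling-Station-Id check item
```

Two things the model makes visible: a check item only bites when the NAS actually includes that attribute in the request (hence Ivan's first question), and the comparison is against the literal string stored in LDAP, so the MAC address must be stored in exactly the format the switch sends it or the user is rejected.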