ldap filter depending on NAS
tnt at kalik.net
tnt at kalik.net
Wed Apr 22 17:43:27 CEST 2009
> No, I have set them up to checkItems:
> checkItem Tunnel-Type:0 radiusTunnelType
> checkItem Tunnel-Medium-Type:0 radiusTunnelMediumType
> checkItem Tunnel-Private-Group-Id:0 radiusTunnelPrivateGroupId
>
And what is the point of that? Why do you care what VLAN is in the
request? You should set up VLAN in the reply. Also, checking NAS-Port
makes very little sense. NAS-Port has a role in accounting but it's of
very little use during authentication. Mac (Calling-Station-Id) is the
only thing worth checking.
Don't bother with checking tunnel attributes - use them just in the reply.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list