ldap filter depending on NAS

Alan DeKok aland at deployingradius.com
Thu Apr 23 12:54:43 CEST 2009


Matthieu Lazaro wrote:
> I think we didn't understand each other and this is probably because my
> questions are not clear enough because I have such precise idea of what
> I want radius to do.

   I disagree that that is the cause of the confusion.

> I should have explained the problem the other way round maybe.
> Furthermore, I never though that it was"crappy" software and I actually
> thinks it's amazing what we can do with it and it seems like it is
> unlimited.
> But it is very complex, and there is lot of different actors in the
> process that must be taken into account ( like the supplicant, the NAS,
> the backends (ldap, sql,etc..)).

  It also requires you to UNDERSTAND how it works.  Without that step,
there's no point in doing anything else.

> I try to ask my questions more precisely:
>  * what are the radius ldap attributes meant for? Is only for accounting
> or can we use them for something else?

  Nothing in any of my messages said anything about the LDAP attributes
being used only for accounting.  Yet here you are... ignoring all of my
comments about what those attributes do, and inventing that they are
"only for accounting".

  This is known as "being rude".  You might disagree, but the reality is
you've gone out of your way to ignore, distort, and misinterpret what
I've said.

>  *  I have understood that it is better to put the user directly in the
> correct VLAN rather than checking his request and deny him: do I have to
> do something special in Radius to forward LDAP  attributes info to the
> switch?

  I've been trying to explain it.  If you haven't gotten it by now, it's
clear that I am incapable of helping you.

  Alan DeKok.



More information about the Freeradius-Users mailing list