ldap filter depending on NAS

Matthieu Lazaro matthieu.lazaro at eservglobal.com
Fri Apr 24 12:04:16 CEST 2009


tnt at kalik.net wrote:
>> I am now trying to figure how to have the replyItem in my accept-accept
>> message.
>>
>>     
>
> Just map appropriate attributes in ldap.attrmap as replyItem. I can see
> tunnel attributes in default ldap.attrmap in stable branch now, so that
> will be there in future. For PEAP you should list ldap only in
> inner-tunnel server (you don't even need it in default server for that
> protocol) and enable use_tunneled_reply in peap section of eap.conf in
> order to get tunnel attributes in the final Access-Accept. If you are
> going to check Calling-Station-Id enable copy_request_to_tunnel as well.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>   
Hello,

Thanks for your prompt reply. Everything is working now!!!

Just had to figure out that the switch needed 3 items to be able to
change VLAN and not only Tunnel-Private-Group-ID
(http://wiki.freeradius.org/HP#ProCurve_port_authentication_special_features):
Tunnel-Type
Tunnel-Medium-Type
Tunnel-Private-Group-ID

I also cleaned my configuration files between default and inner-tunnel.

I have been able to check Calling-Station-Id *only* using the checkval
module. I hope this is normal.

Again, thank you very much!

Best regards,

Matt
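
The setup discussed in this thread, written out as an added configuration sketch (not taken from either poster's files). It assumes the FreeRADIUS 2.x file layout, LDAP attribute names from the RADIUS-LDAPv3 schema, and a constructed VLAN ID of 20.

```text
# --- ldap.attrmap: return the three tunnel attributes as reply items ---
# (LDAP attribute names on the right are assumed from the RADIUS-LDAPv3 schema)
replyItem    Tunnel-Type                radiusTunnelType
replyItem    Tunnel-Medium-Type         radiusTunnelMediumType
replyItem    Tunnel-Private-Group-Id    radiusTunnelPrivateGroupId

# --- eap.conf, inside eap { ... }: settings named in the reply above ---
peap {
    default_eap_type = mschapv2
    # Copy outer-request attributes (e.g. Calling-Station-Id) into the
    # tunnelled request so inner-tunnel policy can check them.
    copy_request_to_tunnel = yes
    # Send reply attributes produced in the inner tunnel (the VLAN
    # attributes from LDAP) in the final Access-Accept.
    use_tunneled_reply = yes
    virtual_server = "inner-tunnel"
}

# --- sites-enabled/inner-tunnel: ldap is listed only here for PEAP ---
server inner-tunnel {
    authorize {
        mschap
        eap
        ldap
    }
    # authenticate { ... } section unchanged
}

# --- Constructed LDAP user entry values (example data) ---
# radiusTunnelType: VLAN
# radiusTunnelMediumType: IEEE-802
# radiusTunnelPrivateGroupId: 20
#
# Resulting reply attributes the switch needs, all three together:
#   Tunnel-Type = VLAN
#   Tunnel-Medium-Type = IEEE-802
#   Tunnel-Private-Group-Id = "20"
```

Running the server with `radiusd -X` shows whether all three attributes appear in the final Access-Accept and not only in the inner-tunnel reply.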


