Dynamic VLAN attribute in LDAP or AD?
Rokkhan
rokkhan at gmail.com
Tue Aug 18 21:30:22 CEST 2009
Where could I put this code? Authorize, authenticate, post-auth, ldap module?
2009/8/18 Jason Alderfer <jha2 at emu.edu>:
>
>> So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
>> working when I conf the "users" file. However, I don't want to
>> create/maintain the users file for 2,000 users!
>>
>> Is there an attribute in AD / LDAP I can use for the dynamic VLAN?
>> Ideally I could do this at the "Group" level, such that when a user
>> moves from one group to another they're automagically assigned to the
>> correct VLAN.
>
> If you're using version 2.0.5 or higher you can do this with unlang as
> follows. This example sets the vlan based on the user's DN, but you
> should be able to modify it to look at your group membership attribute.
> Repeat for all relevant ldap groups.
>
> if (control:Ldap-UserDn =~ /ou=div,o=org/i) {
>     update reply {
>         Tunnel-Type := "VLAN"
>         Tunnel-Medium-Type := "IEEE-802"
>         Tunnel-Private-Group-Id := 9
>     }
> }
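
The group-based variant the quoted reply describes, as an added example that is not part of the original thread. It assumes the default `ldap` module instance (which provides the `Ldap-Group` check attribute), that the block sits in `post-auth` after `ldap` has run in `authorize` for the same request, and constructed group names and VLAN IDs.

```unlang
# Added example, not from the thread. Group names and VLAN IDs are constructed.
# Assumed placement: post-auth of the virtual server that handled the request.
post-auth {
	# Ldap-Group asks the ldap module whether the user is a member
	# of the named group; one branch per group that maps to a VLAN.
	if (Ldap-Group == "staff") {
		update reply {
			Tunnel-Type := "VLAN"
			Tunnel-Medium-Type := "IEEE-802"
			Tunnel-Private-Group-Id := "10"
		}
	}
	elsif (Ldap-Group == "students") {
		update reply {
			Tunnel-Type := "VLAN"
			Tunnel-Medium-Type := "IEEE-802"
			Tunnel-Private-Group-Id := "20"
		}
	}
	else {
		# No listed group matched: assign a restricted VLAN explicitly
		# instead of leaving the user on the switch port's default VLAN.
		update reply {
			Tunnel-Type := "VLAN"
			Tunnel-Medium-Type := "IEEE-802"
			Tunnel-Private-Group-Id := "999"
		}
	}
}
```

Branch order matters for users in more than one group: the first matching `if`/`elsif` decides the VLAN.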