Dynamic VLAN attribute in LDAP or AD?

Rokkhan rokkhan at gmail.com
Tue Aug 18 21:30:22 CEST 2009


Where coudl I put this code Authorize, autenticate, postatuh, ldap module?


2009/8/18 Jason Alderfer <jha2 at emu.edu>:
>
>> So, I'm trying to use 802.1x dynamic VLAN assignment.  I have this
>> working when I conf the "users" file.  However, I don't want to
>> create/maintain the users file for 2,000 users!
>>
>> Is there an attribute in AD / LDAP I can use for the dynamic VLAN?
>> Ideally I could do this at the "Group" level, such that when a user
>> moves from one group to another their automagically assigned to the
>> correct VLAN.
>
> If you're using version 2.0.5 or higher you can do this with unlang as
> follows.  This example sets the vlan based on the user's DN, but you
> should be able to modify it to look at your group membership attribute.
> Repeat for all relevant ldap groups.
>
> if (control:Ldap-UserDn =~ /ou=div,o=org/i) {
>        update reply {
>             Tunnel-Type := "VLAN"
>             Tunnel-Medium-Type := "IEEE-802"
>             Tunnel-Private-Group-Id := 9
>        }
> }
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>




More information about the Freeradius-Users mailing list