Dynamic Vlan Allocation based on LDAP Attribute Value
Michael Schwartzkopff
misch at multinet.de
Fri Feb 13 11:12:02 CET 2009
On Friday, 13 February 2009 11:00:10, Paul Dealy wrote:
> On Fri, Feb 13, 2009 at 6:37 PM, Michael Schwartzkopff <misch at multinet.de> wrote:
> > On Friday, 13 February 2009 07:17:17, Paul Dealy wrote:
> >> I have a working radius server (ver 1.1.3), which I am using for
> >> 802.1x authentication of wired switch ports. I would like to
> >> dynamically assign users vlans. I have Cisco gear and have achieved
> >> basic vlan allocation by configuring a Default entry in the users
> >> file. So the vlan allocation part works ok.
> >>
> >> What I want to be able to do is allocate the vlan by matching the
> >> value of an LDAP attribute. Not by group membership, but the actual
> >> value of a user's attribute. Is this possible?
> >>
> >> Cheers,
> >> Dealy
> >
> > Yes. Just assign these attributes to the user object in LDAP.
>
> I have a value set for an attribute in LDAP, how do I "extract" the
> value from the attribute and do a comparison on it in the users file
> so I can set the VLAN?
Hi,
I don't remember exactly what I did on version 1. Please see:
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
for some hints.
I had something like

    DEFAULT Auth-Type := LDAP
            Reply-Message = "Auth by LDAP"

in my users file. Other attributes stored in an object of objectClass
radiusprofile should be added automatically to the Reply attributes.
It is much simpler in version 2 of FreeRADIUS. It nearly works out of the box.
Just uncomment the ldap part in authorization and authentication sections.
Greetings,
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75
mail: misch at multinet.de
web: www.multinet.de
Registered office: 85630 Grasbrunn
Register court: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens
---
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
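
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of how attributes on a radiusprofile object become RADIUS reply attributes, and of the three tunnel attributes a switch needs before it will place a port in a VLAN. The attrmap lines follow the ldap.attrmap format; the LDAP entry, the user "alice" and VLAN 30 are constructed sample values, and the function names are hypothetical.

```python
# Simplified model of the LDAP-to-RADIUS attribute mapping; not FreeRADIUS code.
# Constructed sample in ldap.attrmap format: ItemType RADIUS-attribute ldapAttribute
ATTRMAP = """\
checkItem   Auth-Type                 radiusAuthType
replyItem   Tunnel-Type               radiusTunnelType
replyItem   Tunnel-Medium-Type        radiusTunnelMediumType
replyItem   Tunnel-Private-Group-Id   radiusTunnelPrivateGroupId
"""

# Constructed LDAP entry (attribute -> list of values) for a hypothetical user.
ENTRY = {
    "objectClass": ["inetOrgPerson", "radiusprofile"],
    "uid": ["alice"],
    "radiusTunnelType": ["VLAN"],
    "radiusTunnelMediumType": ["IEEE-802"],
    "radiusTunnelPrivateGroupId": ["30"],
}

def parse_attrmap(text):
    """Return {ldap_attr_lowercase: (item_type, radius_attr)}."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("checkItem", "replyItem"):
            raise ValueError("bad attrmap line: %r" % line)
        mapping[fields[2].lower()] = (fields[0], fields[1])
    return mapping

def map_entry(entry, mapping):
    """Split an LDAP entry into RADIUS check pairs and reply pairs."""
    check, reply = [], []
    for attr, values in entry.items():
        hit = mapping.get(attr.lower())  # LDAP attribute names are case-insensitive
        if hit is None:
            continue  # unmapped attributes (uid, objectClass) never reach the reply
        target = check if hit[0] == "checkItem" else reply
        target.extend((hit[1], v) for v in values)
    return check, reply

def vlan_from_reply(reply):
    """Return the VLAN id only if the reply carries the full tunnel triple."""
    r = dict(reply)
    if r.get("Tunnel-Type") == "VLAN" and r.get("Tunnel-Medium-Type") == "IEEE-802":
        return r.get("Tunnel-Private-Group-Id")
    return None
```

A reply that lacks any one of the three tunnel attributes yields no VLAN here, which is the case to check for when a port authenticates but stays in its default VLAN.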