Autz-type LDAP, Auth-Type MSCHAP possible ? (for vlan assignment)
LEOSI
radius at pronetis.fr
Wed Feb 18 15:23:11 CET 2009
tnt-4 wrote:
>
> So do it. You don't need to force any Auth or Autz types. Set up the
> group membership filter in ldap module. It will give you Ldap-Group
> which you can use to assign vlans:
>
> DEFAULT Ldap-Group == something
> some tunnel attributes
>
> DEFAULT Ldap-Group == something_else
> some other tunnel attributes
>
- The users file now looks like:
DEFAULT Ldap-Group == "cn=vlan1,ou=vlans,dc=test,dc=fr", Autz-Type := LDAP
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 2,
        Reply-Message = "ok"
- In sites-enabled/default and inner-tunnel:
authorize {
        preprocess
        Autz-Type LDAP {
                ldap
        }
        eap {
                ok = return
        }
        files
        ldap
        expiration
        logintime
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}
In conclusion, the supplicant got an access-accept but nothing else (like
the vlan #2 assignment).
Regards,