Dynamic VLAN with AD/LDAP - Best Practice / preferred option?

Peter Lambrechtsen plambrechtsen at gmail.com
Tue Apr 27 05:56:47 CEST 2010


This may help you.

http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg00001.html

Using the Postauth_users and restricting it via an LDAP group should work.

On Tue, Apr 27, 2010 at 11:50 AM, Gary Gatten <Ggatten at waddell.com> wrote:

> Hello all,
>
> I currently have FR v2.1.6 (Yes, I’ll upgrade…) running on RHEL5.  I’m
> authenticating VPN users and Ci$co device shell access using SAMBA/ntlm_auth
> integration.  “Everything” is working fine.
>
> My next task is assigning Dynamic VLAN IDs.  I have some test
> accounts/ports working using the “users” file, but I’m ready to take the
> next step to deploy DVLANs company wide, and want to assign the ID based on
> an AD/LDAP attribute.
>
> I prefer not to extend the schema and ideally would be able to assign the
> VLAN ID based on a “Group” attribute – so I don’t have to go back and
> populate some attribute for a couple thousand users.
>
> Anyway, there are numerous posts about this issue / similar issues.  I’m
> wondering if there is a “Best Practice” method or “Preferred” method to
> accomplish this?  A method known to work better than another or works as
> well as anything but is “easy” to implement, etc.  Or, is this one of those
> things where there are a dozen right answers and I just need to pick one and
> do it?
>
> Any thoughts appreciated!
>
> TIA!
>
> Gary