freeradius and vlan assignment

Bob Brandt bob at brandt.ie
Thu Mar 18 10:38:43 CET 2010


In the users file do this:

DEFAULT Ldap-Group == "cn=InsideGroup,o=Base"
        Reply-Message = "Your a member of the Inside Group",
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-ID = 11,
        Fall-Through = No

DEFAULT Auth-Type == "LDAP"
        Reply-Message = "You did not match a LDAP Group",
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-ID = 99

All members of the InsideGroup will get the first group of attributes and
FreeRADIUS will stop looking.
Everyone else who authenticated through LDAP will get the second group of
attributes.

Bob

On Thu, Mar 18, 2010 at 8:59 AM, omega bk <omegabk at gmail.com> wrote:

> hi,
>
> assume that the switch does not support the "auth-fail" and has 2 vlan (
> vlan inside and vlan outside ), is it possible in the users file to put a
> condition like:
>
> if (user belong to Ldap-group=inside)
>     assign to vlan = inside
> else
>     assign to vlan = outside
>
> is that possible ?
>
>
> thanks



-- 
The problem with socialism is that you eventually run out of other people's
money.  -  Margaret Thatcher
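
An added example, not part of the original message and not FreeRADIUS code: a simplified Python model of how the two users-file entries above are matched in order, so the first-match and fallback behaviour can be checked offline. The names parse_users, resolve and ldap_groups are hypothetical; ldap_groups stands in for the group lookup the real server performs against LDAP.

```python
import re

# The two entries from the message, copied verbatim as input to the model.
USERS = '''\
DEFAULT Ldap-Group == "cn=InsideGroup,o=Base"
        Reply-Message = "Your a member of the Inside Group",
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-ID = 11,
        Fall-Through = No

DEFAULT Auth-Type == "LDAP"
        Reply-Message = "You did not match a LDAP Group",
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-ID = 99
'''
# attribute, operator, then either a quoted or a bare value
ITEM = re.compile(r'([\w-]+)\s*(==|=)\s*(?:"([^"]*)"|([^,\s]+))')

def _items(text):
    return {m[0]: m[2] or m[3] for m in ITEM.findall(text)}

def parse_users(text):
    """Return [(name, check_items, reply_items)] in file order."""
    entries = []
    for block in re.split(r'\n\s*\n', text.strip()):
        head, *body = block.splitlines()
        name, _, checks = head.partition(' ')
        entries.append((name, _items(checks), _items(' '.join(body))))
    return entries

def resolve(entries, user, auth_type, ldap_groups):
    """Simplified model: ldap_groups replaces the server's LDAP lookup."""
    reply = {}
    known = {'Ldap-Group': lambda v: v in ldap_groups,
             'Auth-Type': lambda v: v == auth_type}
    for name, checks, replies in entries:
        if name not in ('DEFAULT', user):
            continue
        if not all(a in known and known[a](v) for a, v in checks.items()):
            continue
        for attr, value in replies.items():
            if attr != 'Fall-Through':
                reply.setdefault(attr, value)  # "=" keeps an earlier value
        if replies.get('Fall-Through', 'No').lower() != 'yes':
            break  # first match wins unless Fall-Through = Yes
    return reply
```

In this model a user whose Auth-Type is not LDAP matches neither entry and receives no VLAN attributes, which is worth checking against the switch's default port VLAN.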