interpret check-Item and change reply-item to set VLAN
Phil Mayers
p.mayers at imperial.ac.uk
Mon Sep 13 16:00:35 CEST 2010
On 09/13/2010 01:44 PM, Michael Bathe wrote:
> Hallo Liste,
>
> is there any how_to or solution to interpret the ldap checkItem and
> change the replyItem (I think in inner-tunnel)?
> f.e.: If the checkItem match one of 'sec11', 'Sec11', 'SEC11'... the
> replyItem should be set to '111'.
>
> ldap.attrmap:
> checkItem Tunnel-Private-Group-Id sectionNetwork
> replyItem Tunnel-Private-Group-Id sectionNetwork
This looks wrong.
>
> the following in users file wont work:
>
> DEFAULT Tunnel-Private-Group-Id == "sec11"
> Tunnel-Private-Group-Id=111,
> Reply-Message += "changed "
>
> DEFAULT Auth-Type == EAP
> Tunnel-Medium-Type = "IEEE-802",
> Tunnel-Type = "VLAN",
> Reply-Message += "Access success for %{User-Name}.",
> Fall-Through = no
This also looks wrong.
What are you trying to do, in more detail? Something is settings
Tunnel-Private-Group-Id to "sec11", and then you want to re-write it to
"111" - why not just change the thing that sets it in the first place?
More information about the Freeradius-Users
mailing list