Solved: interpret check-Item and change reply-item to set VLAN
Michael Bathe
michael.bathe at gfz-potsdam.de
Tue Sep 14 09:35:15 CEST 2010
Thanks for the reply!
I have solved my attempt to set the VLAN-Group-ID based on checkItem by
inserting this line in the post-auth section of 'sites-available/default':
--
$INCLUDE ${confdir}/setTunnelGroup
--
In the file setTunnelGroup I insert this:
--
if (reply:SectionNetwork == "sec11") {
	update reply {
		Tunnel-Private-Group-ID := 111
	}
}
--
In file 'dictionary' I add this line:
--
ATTRIBUTE SectionNetwork 4000 string
--
In file 'ldap.attrmap' I add this line:
--
replyItem SectionNetwork sectionNetwork
--
@ Phil:
My problem is that the value of the LDAP attribute does not correspond to the
VLAN name on our Cisco switch at this time.
Best regards, Michael
On 13.09.2010 16:10, Alan DeKok wrote:
> Michael Bathe wrote:
>
>> is there any how_to or solution to interpret the ldap checkItem and
>> change the replyItem (I think in inner-tunnel)?
>> f.e.: If the checkItem matches one of 'sec11', 'Sec11', 'SEC11'... the
>> replyItem should be set to '111'.
>>
> $ man unlang
>
> The ldap module doesn't do generic comparison or setting of
> attributes. Neither does the "users" file.
>
> But the "unlang" policy language does.
>
> Alan DeKok.
--
Michael Bathe
Rechenzentrum
-Netzwerkadministration-
Tel.: +49 (0)331/288-1803
Fax: +49 (0)331/288-1730
Email: michael.bathe at gfz-potsdam.de
___________________________________
Helmholtz-Zentrum Potsdam
Deutsches GeoForschungsZentrum - GFZ
Stiftung des Öff. Rechts Land Brandenburg
Telegrafenberg G257, D-14473 Potsdam
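
The question quoted above asked for 'sec11', 'Sec11' and 'SEC11' to all map to 111, while the posted condition compares against the lowercase string only. The following variant of setTunnelGroup is an added example, not part of the original post: it uses an anchored, case-insensitive unlang regex and sets the full RFC 3580 VLAN attribute set, on the assumption that the switch expects Tunnel-Type and Tunnel-Medium-Type alongside Tunnel-Private-Group-ID.

```unlang
# setTunnelGroup -- included from the post-auth section.
# Added example, not the poster's file. Assumes the SectionNetwork
# reply item has already been filled from LDAP via ldap.attrmap.

# Anchored, case-insensitive match: accepts sec11, Sec11, SEC11,
# but not longer values that merely contain it (e.g. "sec110").
if ("%{reply:SectionNetwork}" =~ /^sec11$/i) {
	update reply {
		# RFC 3580 VLAN assignment attributes.
		Tunnel-Type := VLAN
		Tunnel-Medium-Type := IEEE-802
		Tunnel-Private-Group-ID := "111"
	}
}
```

A user whose LDAP value matches no condition gets no Tunnel-Private-Group-ID at all, so the port's default VLAN on the switch decides where an unmatched session lands.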