problems with dynamic vlan assignment
Phil Mayers
p.mayers at imperial.ac.uk
Thu Sep 16 15:34:50 CEST 2010
On 16/09/10 10:16, Eric Doutreleau wrote:
> thanks for your reply
>
> here is what I did
>
> in the ldap.attrmap i put
> checkItem User-Category eduPersonPrimaryAffiliation

checkItem means "put the attribute into the check/config items list".
Looking at the source code, I see that rlm_ldap can't update the request
item list.

>
> in the user file i did
> DEFAULT
>         Tunnel-Type := VLAN,
>         Tunnel-Medium-Type := IEEE-802,
>         Tunnel-Private-Group-Id = 901,
>         Fall-Through = Yes
>
> DEFAULT User-Category == "student"
>         Reply-Message = "Your a member of the student Group",
>         Tunnel-Private-Group-Id = 902

This means "match User-Category in the request items list", which is not
the list you've put it in.

"files" syntax cannot do comparisons against check/config or reply
items, and LDAP can only put items into check/config or reply. You will
therefore have to use an "unlang" syntax as per my previous email:

authorize {
   ...
   ldap
   if (control:User-Category == ...) {
     ...
   }
}
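
An added example, not part of the original message: one way the unlang approach described above could be written out for the two VLANs in the quoted users file. It assumes FreeRADIUS 2.x unlang syntax and that ldap.attrmap still maps eduPersonPrimaryAffiliation to User-Category as a checkItem; the values 901, 902 and "student" come from the quoted configuration.

```unlang
# Added illustration, not from the original thread.
authorize {
	# Keep the modules already present in your authorize section
	# and make sure ldap runs before the test below.
	ldap

	# The attrmap line "checkItem User-Category ..." places the value
	# in the control (check/config) list, so the condition has to
	# name that list explicitly.
	if (control:User-Category == "student") {
		update reply {
			Tunnel-Type := VLAN
			Tunnel-Medium-Type := IEEE-802
			Tunnel-Private-Group-Id := "902"
		}
	}
	else {
		# Attribute missing or any other category: default VLAN.
		update reply {
			Tunnel-Type := VLAN
			Tunnel-Medium-Type := IEEE-802
			Tunnel-Private-Group-Id := "901"
		}
	}
}
```

Running the server with radiusd -X shows which branch matched and the Tunnel-* attributes placed in the reply.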