dynamic VLAN assignment w/ mschapv2 against AD and LDAP
schilling
schilling2006 at gmail.com
Thu Jan 20 21:41:03 CET 2011
Where should I put the perl script? I already have a perl module for
another virtual server to use radscript.
I also tried unlang in post-auth, like
    if ( %{User-Name} =~ /\@/ && fooEmployeeStatus =~ /active/i ) {
        update outer.reply {
            Service-Type = "Framed-User"
            Tunnel-Type = "VLAN"
            Tunnel-Medium-Type = "IEEE-802"
            Tunnel-Private-Group-Id = "facstaff"
        }
    }
I did map something to fooEmployeeStatus in ldap.attrmaps
Bare %{...} is invalid in condition at: %{User-Name} =~ /\@/ &&
fooEmployeeStatus =~ /active/i )
/home/sding/opt/etc/raddb/sites-enabled/inner-tunnel[276]: Errors
parsing post-auth section.
How can I reference User-Name in post-auth section of inner-tunnel?
Thanks,
Schilling
On Thu, Jan 20, 2011 at 2:15 PM, Alan DeKok <aland at deployingradius.com> wrote:
> schilling wrote:
>> Basically, I want to achieve
>> If (ldap authorization) {
>>     if (ldap.employeeStatus = facstaff) {
>>         REPLY{'Service-Type'} = "Framed-User";
>>         REPLY{'Tunnel-Type'} = "VLAN";
>>         REPLY{'Tunnel-Medium-Type'} = "IEEE-802";
>>         REPLY{'Tunnel-Private-Group-Id'} = "facstaff";
>>     } else { # no ldap.employeeStatus attribute or ldap.employeeStatus
>
> You can put pretty much that into a Perl script, or into "unlang".
>
>> What's the easiest way to accomplish this? unlang? perl module? Where to start?
>
> I'd write a Perl script first.
>
> Alan DeKok.
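
The parser error quoted in the message comes from the bare %{User-Name} in the condition: in an unlang condition, %{...} is expanded only inside a double-quoted string. The following is an added example, not part of the original thread, of the same post-auth check in FreeRADIUS 2.x syntax. It assumes ldap.attrmap maps the LDAP attribute as a checkItem, so that fooEmployeeStatus lands in the control list, and the fallback VLAN name is a placeholder.

```unlang
# sites-enabled/inner-tunnel (added example, FreeRADIUS 2.x unlang)
post-auth {
    # Quote the expansions: "%{User-Name}" is the inner-tunnel identity.
    # Assumption: fooEmployeeStatus is a checkItem in ldap.attrmap, so it
    # is read from the control list. If it is mapped as a replyItem, use
    # "%{reply:fooEmployeeStatus}" instead.
    if (("%{User-Name}" =~ /@/) && ("%{control:fooEmployeeStatus}" =~ /active/i)) {
        # outer.reply places the attributes in the outer Access-Accept,
        # which is the packet the switch or AP acts on.
        update outer.reply {
            Service-Type := Framed-User
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "facstaff"
        }
    }
    else {
        # No status attribute, or a status that does not match: assign an
        # explicit restricted VLAN instead of relying on the port default.
        # "RESTRICTED-VLAN-PLACEHOLDER" is a hypothetical name.
        update outer.reply {
            Service-Type := Framed-User
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "RESTRICTED-VLAN-PLACEHOLDER"
        }
    }
}
```

Running the server in debug mode (radiusd -X) shows whether the condition matched and which attributes were added to the outer reply.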