dynamic VLAN assignment w/ mschapv2 against AD and LDAP

schilling schilling2006 at gmail.com
Sun Jan 23 05:48:40 CET 2011

I have the following questions for using perl though. Since I already
use LDAP or ntlm_auth for inner-tunnel mschapv0 authentication. Will
there any flag set so I can know whether LDAP or ntlm_auth is using
for mschapv0 authentication in perl script? Also if if I need to check
ldap/AD for certain attributes in perl script, Do I need to make
another call to them via LDAP in the perl module?  Where should I put
the perl script in?

Many Thanks,


On Thu, Jan 20, 2011 at 2:15 PM, Alan DeKok <aland at deployingradius.com> wrote:
> schilling wrote:
>>Basically, I want to achieve
>> If (ldap authorization) {
>>     if (ldap.employeeStatus = facstaff) {
>>         REPLY{'Service-Type'}            = "Framed-User";
>>         REPLY{'Tunnel-Type'}             = "VLAN";
>>         REPLY{'Tunnel-Medium-Type'}      = "IEEE-802";
>>         REPLY{'Tunnel-Private-Group-Id'} = "facstaff";
>>     } else { # no ldap.employeeStatus attribute or ldap.employeeStatus
>  You can put pretty much that into a Perl script, or into "unlang".
>> What's the easiest way to accomplish this? unlang? perl module? Where to start?
>  I'd write a Perl script first.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list