Retrieving eDirectory VLAN attributes

Dan Lietz dlietz at inghamisd.org
Thu May 23 23:14:46 CEST 2013


Hello,

I'm pretty much a noob when it comes to freeradius as I still don't completely understand what files are used for authorization and authentication and where to put certain pieces of configuration.

I'm trying to set up dynamic vlans for a wireless network with a Ruckus Zone Director backend and a freeradius backend authenticating via LDAP to eDirectory running on the same box. So far I've managed to configure 802.11x authentication using PEAP and that is working well.

Now I want to be able to retrieve the radius attribute in eDirectory for the vlan tag so the Ruckus Zone Director will automatically place the user on the correct vlan once they are authenticated.

I did some initial testing without using LDAP by adding the following lines to my users file:

DEFAULT
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = 802,
	Tunnel-Private-Group-ID = 85,
	Fall-Through = Yes

By changing the value of "Tunnel-Private-Group-ID" (set to 85 in the above example) the Zone Director will move users to the vlan ID I specify here, but it is obviously static and does not change based on the user. The next step is to configure FreeRadius to pull the info from eDir via LDAP and that's the part I'm not getting.

Part of my problem is that I don't know which attribute mappings are built in and which aren't. According to this document: Integrating Novell eDirectory with FreeRadius <https://www.netiq.com/documentation/edir_radius/radiusadmin/?page=/documentation/edir_radius/radiusadmin/data/bv8m2ll.html> the listed radius attributes are available for use, but does that mean I don't need to add them to ldap.attr or the dictionary file at all? Or that I don't need to add an LDAP attribute map to the LDAP Group object in iManager?

The other thing I don't understand is where (i.e. what file) to put the ldap call for said attributes and what the syntax would look like.

I've configured my eap.conf to include 'copy_request_to_tunnel = yes' and 'use_tunneled_reply = yes'

Any help is greatly appreciated and if I'm asking

Thanks.

Dan
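
The following is an added example, not part of the original post and not FreeRADIUS code. It shows how the three reply attributes from the users file entry above are laid out in an Access-Accept (RFC 2868 encoding, RFC 3580 values) and checks that a reply carries a complete VLAN assignment, which helps when reading a packet capture between the RADIUS server and the controller. All function names are hypothetical, the sample bytes are constructed, and tag grouping is not checked.

```python
# RFC 2868 attribute numbers and the RFC 3580 values used for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def encode_vlan_reply(vlan_id, tag=0):
    """Encode the three reply attributes as RADIUS type-length-value triples."""
    def tlv(attr_type, value):
        return bytes([attr_type, len(value) + 2]) + value
    # Tunnel-Type and Tunnel-Medium-Type: one tag octet, then a 3-octet value.
    out = tlv(TUNNEL_TYPE, bytes([tag]) + VLAN.to_bytes(3, "big"))
    out += tlv(TUNNEL_MEDIUM_TYPE, bytes([tag]) + IEEE_802.to_bytes(3, "big"))
    # Tunnel-Private-Group-ID: a string; the tag octet appears only for tags 1..31.
    group = str(vlan_id).encode("ascii")
    if tag:
        group = bytes([tag]) + group
    return out + tlv(TUNNEL_PRIVATE_GROUP_ID, group)

def parse_attributes(data):
    """Yield (type, value) pairs from the attribute section of a RADIUS packet."""
    i = 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        yield attr_type, data[i + 2:i + length]
        i += length

def assigned_vlan(data):
    """Return the VLAN ID string if all three attributes are present and valid."""
    tunnel_type = medium = group = None
    for attr_type, value in parse_attributes(data):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("tunnel attribute must be tag + 3 octets")
            number = int.from_bytes(value[1:], "big")
            if attr_type == TUNNEL_TYPE:
                tunnel_type = number
            else:
                medium = number
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            if value and 0x01 <= value[0] <= 0x1F:  # leading octet is a tag
                value = value[1:]
            group = value.decode("ascii")
    if tunnel_type == VLAN and medium == IEEE_802 and group:
        return group
    return None

if __name__ == "__main__":
    print(assigned_vlan(encode_vlan_reply(85)))
```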