Dynamic VLAN assignment depending on LDAP user group and MAC address
Matthew Newton
mcn4 at leicester.ac.uk
Mon Oct 14 11:40:19 CEST 2013
On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> As you can see, the device wasn't listed in the file, the authentication
> went fine, saying that the tunnel that I should get has ID 40, but that
> wasn't overwritten by the authorized_macs check...
Add
DEFAULT Auth-Type := Reject
to the bottom of your authorized_macs file.
You might as well move the mac address check up above eap in
the authorize section. There's no point going through all the eap
processing if you're just going to reject afterwards based on
something that could easily have been done first.
Cheers
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list