Dynamic VLAN assignment depending on LDAP user group and MAC address
Matthew Newton
mcn4 at leicester.ac.uk
Mon Oct 14 11:51:54 CEST 2013
On Mon, Oct 14, 2013 at 10:40:19AM +0100, Matthew Newton wrote:
> On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> > As you can see, the device wasn't listed in the file, the authentication
> > went fine, saying that the tunnel that I should get has ID 40, but that
> > wasn't overwritten by the authorized_macs check...
>
> DEFAULT Auth-Type := Reject
I misread (and replied before I'd seen the other thread from your
duplicate message...) - to set the vlan for any users that *don't*
match other entries, then add this at the bottom:
DEFAULT
	Tunnel-Type:0 := VLAN,
	Tunnel-Medium-Type:0 := IEEE-802,
	Tunnel-Private-Group-Id:0 := "999"
To Reject, you can do it in authorize. To set the VLAN, as Alan
said, post-auth is the better place.
Use ":=" to force the values to be set. "=" will not change the
values if already set by the inner tunnel, etc.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
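
The difference between "=" and ":=" described in the message above, as an added example that is not part of the original post. It uses an unlang update block in post-auth rather than the users-file entry shown above, and assumes the inner tunnel has already placed VLAN 40 in the reply; the condition that selects unmatched devices is site-specific and left out.

```unlang
# Added example, not from the thread. Belongs in the post-auth section of
# the outer virtual server. Assumed state on entry: the reply already holds
# Tunnel-Private-Group-Id = "40", copied from the inner tunnel.
post-auth {
	# Variant A, "=": each attribute is added only if the reply has no
	# attribute of that name yet. The existing "40" is kept, so the
	# device still lands in VLAN 40.
	#update reply {
	#	Tunnel-Type = VLAN
	#	Tunnel-Medium-Type = IEEE-802
	#	Tunnel-Private-Group-Id = "999"
	#}

	# Variant B, ":=": an existing attribute of the same name is replaced.
	# The reply leaves with VLAN 999 whatever was set earlier.
	# Wrap this block in the site's own test for unmatched devices;
	# as written it applies to every successful authentication.
	update reply {
		Tunnel-Type := VLAN
		Tunnel-Medium-Type := IEEE-802
		Tunnel-Private-Group-Id := "999"
	}
}
```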