Freeradius + Ldap - Authorise OK but NO dynamic VLANs

A.L.M.Buxey at lboro.ac.uk
Tue Aug 16 21:24:21 CEST 2016


Hi,

> I want to assign the VLAN according to which cn in LDAP is the user
> assigned. So ttester since he is in
> cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local
> he should get VLAN ID 12.

right...and how is that to be done?  there is nothing saying 12 there - so obviously you need to
do some lookup or translation....and then, via return attributes, set that value as per your NAS
requirements.


so first, check how to do the return attributes (read documentation) and then check out how to check a value
and make a decision via eg unlang - the 'policy' part. 

RADIUS servers are dumb....all your config is doing is an auth check....and it's likely that a real
client will be doing an EAP method and so you'll need to configure inner-tunnel as required (check debug
logs to see what server is doing) - and decide how you are going to make the policy decision in
the inner tunnel (real userid) and pass it to the outer tunnel reply.

> I took your advice to upgrade and this is the new version: freeradius:
> FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Apr 5 2016
> at 13:40:43

3.0.11 is the current latest release/stable version.  how did you upgrade?  if you are
using your distribution then ask them when they are going to be providing the latest FR and
not code from years ago. 

use of mail archives helps for a quick boost here:

http://lists.freeradius.org/pipermail/freeradius-users/2011-July/054952.html


basically, you need to pull out ldap group info, then, using that info, make a decision to
set VLAN - then set it - either via unlang policy or in users file. unlang method is way way better.

alan
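
The approach described in this message, written out as an added example that is not part of the original post. It assumes FreeRADIUS 3.0.x, an LDAP module instance named `ldap` with group membership lookups configured, and a NAS that takes the standard tunnel attributes for VLAN assignment; the group DN and VLAN 12 come from the quoted question.

```unlang
# sites-available/inner-tunnel (assumed 3.0.x layout)
# The inner tunnel sees the real user id, so the group decision is made here.
post-auth {
    # LDAP-Group is the group comparison attribute provided by an
    # rlm_ldap instance named "ldap" (assumption).
    if (LDAP-Group == "cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local") {
        # Stage the VLAN for the outer session instead of the inner reply.
        update outer.session-state {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "12"
        }
    }
    # No match: nothing is staged, so the NAS applies its default port VLAN.
}

# sites-available/default (outer server)
post-auth {
    # Copy what the inner tunnel staged into the final Access-Accept.
    update {
        &reply: += &session-state:
    }
}
```

Running the server in debug mode shows whether the group comparison matched and whether the three tunnel attributes appear in the Access-Accept sent to the NAS.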

