Dynamic VLAN with LDAP group

Thomas Massip thomas.massip at e-tera.com
Wed Aug 17 10:14:13 CEST 2016


Hi all,

I know this subject is redundant, but I can't manage to do what I want.

So currently I can do Dynamic VLAN with an LDAP user.

Example of an LDAP user entry:

dn: uid=thomas,cn=test,ou=groups,dc=domaintest,dc=lan
objectClass: person
objectClass: radiusprofile
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
cn: thomas massip
uid: thomas
sn: thomas
givenName: Thomas
uidNumber: 10003
gidNumber: 1500
loginShell: /bin/bash
homeDirectory: /ahome/thomas
userPassword: 1B4EDB9F184199B74F58553DC77CD8E5
radiusTunnelType: VLAN
radiusTunnelMediumType: 6
radiusTunnelprivateGroupId: 100

When I do that it is OK, my user goes on VLAN 100.

But now I want to do the same, not with a user but with GROUPS, so I tried:

dn: cn=test, ou=groups, dc=domaintest,dc=lan
objectClass: top
objectClass: posixGroup
objectClass: radiusprofile
cn: test
gidNumber: 1500
description: groupe de test vlan
memberUid: 10003
radiusTunnelType: VLAN
radiusTunnelMediumType: 6
radiusTunnelprivateGroupId: 100

where memberUid: 10003 =

dn: uid=thomas,cn=test,ou=groups,dc=domaintest,dc=lan
objectClass: person
objectClass: radiusprofile
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
cn: thomas massip
uid: thomas
sn: thomas
givenName: Thomas
uidNumber: 10003
gidNumber: 1500
loginShell: /bin/bash
homeDirectory: /ahome/thomas
userPassword: 1B4EDB9F184199B74F58553DC77CD8E5

But, this solution doesn't work.

I know I can use the users file with (I tested it and it works):

DEFAULT Ldap-Group == "cn=test,ou=groups,dc=domaintest,dc=lan"
         Tunnel-Type = VLAN,
         Tunnel-Medium-Type = IEEE-802,
         Tunnel-Private-Group-Id = "100"
         #Reply-Message = "Cette methode marche, tu est dans le 100"


But I really want to store all information in LDAP, not in the users file. So
I tried to do an update reply in the LDAP module's 'group' subsection, but that
doesn't work either (I think it's the right solution but I am missing something).

So if anyone can help me to return the VLAN attribute with the LDAP groups.

Thanks all and sorry for the bad English.

Regards,
Thomas.
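
The group-based lookup the post is after, modelled as an added Python example (not part of the original message and not FreeRADIUS configuration): it reads an LDIF export, finds the posixGroup entries that list the user in memberUid, and maps their radiusTunnel* attributes to RADIUS reply attributes, raising an error when two groups disagree. The LDIF is constructed from the post's entries (abridged); parse_ldif, group_reply and REPLY_MAP are names chosen for this example.

```python
# Constructed sample: the group and user entries from the post, abridged.
SAMPLE_LDIF = """\
dn: cn=test,ou=groups,dc=domaintest,dc=lan
objectClass: posixGroup
memberUid: 10003
radiusTunnelType: VLAN
radiusTunnelMediumType: 6
radiusTunnelprivateGroupId: 100

dn: uid=thomas,cn=test,ou=groups,dc=domaintest,dc=lan
objectClass: posixAccount
uid: thomas
uidNumber: 10003
"""

# LDAP attribute (lower-cased, LDAP names are case-insensitive) -> RADIUS reply attribute
REPLY_MAP = {
    "radiustunneltype": "Tunnel-Type",
    "radiustunnelmediumtype": "Tunnel-Medium-Type",
    "radiustunnelprivategroupid": "Tunnel-Private-Group-Id",
}

def parse_ldif(text):
    """Parse simple LDIF (no base64 values or folded lines) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def group_reply(entries, uid):
    """Return (reply attributes, contributing group DNs) for the user named uid."""
    user = next(e for e in entries if uid in e.get("uid", []))
    # Assumption: memberUid may hold the uidNumber (as in the post) or the uid.
    ids = set(user["uid"]) | set(user.get("uidnumber", []))
    reply, sources = {}, []
    for e in entries:
        member = ids & set(e.get("memberuid", []))
        found = {REPLY_MAP[k]: e[k][0] for k in REPLY_MAP.keys() & e.keys()}
        if "posixGroup" not in e.get("objectclass", []) or not member or not found:
            continue
        for name, value in found.items():
            if reply.setdefault(name, value) != value:
                raise ValueError(f"conflicting {name} from {e['dn'][0]}")
        sources.append(e["dn"][0])
    return reply, sources
```

Run over a full directory export, this shows which group each user's VLAN would come from and stops on users whose groups assign different VLANs.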




