freeradius vlan assigment with two ldap group
Alan DeKok
aland at deployingradius.com
Fri Sep 15 15:59:53 CEST 2017
On Sep 15, 2017, at 9:54 AM, Zenon Matuszyk <zenon.matuszyk at networkers.pl> wrote:
>
> I have two groups and if the user is in one of the groups connects to the VLAN 200 if it is connected to another vlan 216. If the user uses a different domain then it is also logged into the vlan 216 as in the case of eduroam but we have it in several buildings and everyone has his radius. Below my users file
Read "man users" to see how the "users" file is being processed.
>
>
> I do not know if I explain it well
>
>
> DEFAULT Realm == Null
> Auth-Type := Reject
> DEFAULT Realm == NULL, Client-IP-Address == 149.XXX.XXX.XXX
> Auth-Type := Reject
> DEFAULT Realm == NULL, Client-IP-Address == 149.XXX.XXX.XXX
> Auth-Type := Reject
>
> DEFAULT LDAP-Group := "cn=my_wifi,cn=Users,cn=company,cn=network,cn=local"
Yeah, that's wrong. See "man users". Read the text on operators. See the difference between "==" and ":="/
This is documented.
Alan DeKok.
More information about the Freeradius-Users
mailing list