FreeRadius Accounting.

Pizu pizpower at gmail.com
Thu Apr 8 12:07:54 CEST 2021


Hi,

Yes sure.. I am using unlang in post-auth.

                elsif (LDAP-Group == "AD - Group - 1") {
                        update reply {
                                Tunnel-Type := "VLAN"
                                Tunnel-Medium-Type := "IEEE-802"
                                Tunnel-Private-Group-Id := "943"
                                Class := "AD-Group-1"
                        }
                }
                elsif (LDAP-Group == " AD - Group - 2") {
                        update reply {
                                Tunnel-Type := "VLAN"
                                Tunnel-Medium-Type := "IEEE-802"
                                Tunnel-Private-Group-Id := "943"
                                Class := "AD-Group-2 "
                        }
                }
                else {
                        update reply {
                                Tunnel-Type := "VLAN"
                                Tunnel-Medium-Type := "IEEE-802"
                                Tunnel-Private-Group-Id := "200"
                        }
                }

The class is the Group assigned on the firewall. like this i am matching an
AD group, assign the vlan with the 802.1x auth then send the group towards
the firewall and open the access according to the group.


Regards,

Pizu


On Wed, 7 Apr 2021 at 20:42, Linux Threads <linuxthreads at gmail.com> wrote:

> HI Pizu,
>
> you mind sharing what you did to get this sorted?
>
> Regards
>
> > Sorted :)
> >
> > Regards,
> >
> > Pizu
>
>
> On Wed, 7 Apr 2021 at 19:58, Pizu <pizpower at gmail.com> wrote:
>
> > hmm.. something like: Class := "%{Group}" - correct?
> >
> > Regards,
> >
> > Pizu
> >
> >
> > On Wed, 7 Apr 2021 at 19:44, Pizu <pizpower at gmail.com> wrote:
> >
> >> Hi,
> >>
> >> I need to forward the class which will reflect to a group not the
> actual
> >> LDAP-Group.
> >>
> >> The firewall is expecting the Radius Accounting-Start attribute.
> >>
> >> Example:
> >> Acct-Status-Type=Start,Framed-Ip-Address=10.0.0.1,User-
> Name=user.name
> >> ,Acct-Session-Id=0211a4ef,Class=usergroup1,Calling-Station-Id=00-0c-
> 29-44-BE-B8
> >>
> >> I hope I explained better now.
> >>
> >> Regards,
> >>
> >> Pizu
> >>
> >>
> >> On Wed, 7 Apr 2021 at 19:20, Alan DeKok <aland at
> deployingradius.com>
> >> wrote:
> >>
> >>> On Apr 7, 2021, at 1:15 PM, Pizu <pizpower at gmail.com> wrote:
> >>> > What I mean with LDAP-Group is I need to forward the group name
> that is
> >>> > assigned to the user towards the firewall (accounting) in order
> for the
> >>> > firewall to open the access that is assigned. RSSO
> >>>
> >>>   So read the firewall documentation to see which attribute it
> needs.
> >>>
> >>>   I can guarantee you that it's not LDAP-Group.
> >>>
> >>>   Alan DeKok.
> >>>
> >>> -
> >>> List info/subscribe/unsubscribe? See
> >>> http://www.freeradius.org/list/users.html
> >>
> >>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list