802.1X - ntlm, Secure LDAP and dynamic vlan

Ray Burquest rburquest at respiro.com.au
Wed Aug 25 05:04:18 CEST 2021


I couldn't locate the NAS documentation could you provide the link.

Also, where do I configure the process to select the auth method based on domain?


-----Original Message-----
From: Alan DeKok <aland at deployingradius.com> 
Sent: Wednesday, 25 August 2021 10:52 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: 802.1X - ntlm, Secure LDAP and dynamic vlan

> On Aug 24, 2021, at 7:44 PM, Ray Burquest <rburquest at respiro.com.au> wrote:
> Hi,
> I am setting up a pilot for 802.1X with dynamic VLAN assignment based on the domain of the user attempting to connect to the switch. Users will be authenticated through different means depending on their domain ie
> user at domainA.com = ntlm
> user at domainB.com = Secure LDAP
> unrecognised domain = default guest VLAN
> I have got ntlm authentication and Secure LDAP authentication working independently but I would like some guidance as to how and where I configure the selection process and then then how to return the VLAN information

  You return it in special RADIUS attributes.  See the NAS documentation for which ones it needs.

  Typically it's:

Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = "VLAN-NAME"

  Alan DeKok.

More information about the Freeradius-Users mailing list