Assign user to a realm.

[Deepansha Gaur]

Thanks Alan.

Right now, we are using vpn contexts to assign users to a particular vlan. Eg: if a user logs in with his ccid, he’s assigned a default VLAN, if they login with ccid at realm1 , they’re assigned Vlan 121.
We’re now moving to freeradius and I want to implement the same using realms. 
Or if I can assign a vlan to a particular ldap group. 

Regards,
Deepansha Gaur

> On May 31, 2024, at 5:29 AM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On May 30, 2024, at 6:22 PM, Deepansha Gaur <dgaur at ualberta.ca> wrote:
>> Some users are in the "users" file and some in LDAP. I'm looking for assigning a realm to users in the users file or if I can assign a realm to a particular LDAP group.
> 
>  The server comes with a lot of documentation.  If you read it, you'll notice that the only references to "realms" is in the realms module, and the proxy configuration.
> 
>  i.e. there is no such thing as "assign a realm to a particular ldap group".  The LDAP module doesn't have the concept of realms.  If it it, that would be documented in mods-available/ldap.
> 
>  Plus, it's not clear at all what you mean by "assign a realm to a particular LDAP group".  That description is vague, and means that no one can implement it.  So the problem here isn't that FreeRADIUS can't do something, it's that the requirements are unclear.
> 
>  Please describe in DETAIL what you want the server to do.  Be practical, and use real examples.  e.g.
> 
> 
>  A user logs in as "user at example.com".
> 
>  There is an LDAP group "foo".
> 
>  The server should only do group lookups in the LDAP group if the realm is "example.com".
> 
> 
>  If you're going to implement detailed unlang policies, you need to describe those policies in detail.  Unlang can't implement "I want to do stuff".
> 
>  Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html