> Hi, > > I have made a system of authorization with freeradius 1.0.4 based on > LDAP attribute radiusGroupName and it works perfectly! > > Now I have this problem: > > I have on my access points two VLAN named data and students. I want to > create different group for the authorization to access to this VLANs. > Example, I want that who have the attribute radiusGroupName = WLANdata > can access to the VLAN "data"; and who have the attribute > radiusGroupName=WLANstudents can access to the VLAN "students". > > How I can configure the huntgroups file? or I need to configure the > users file? > > Thanks and excuse me for my english, > Felice
I'm assuming you mean that if someone has radiusgroupname=WLANStudents, then you want to assign them to that VLAN. Is that correct? If so, you need to find out what radius attributes you need to send back to the access point to assign them to that VLAN. Then you can use the users file to set that up. For example. DEFAULT Ldap-Group == WLANstudents SomeAttribute = SomeValue DEFAULT Ldap-Group == WLANdata SomeAttribute = OtherValue Make sense? The SomeAttribute is some radius attribute that your NAS expects back that will assign them to a VLAN. The SomeValue and OtherValue are the values you would return that would specify which VLAN they should be in. You'll have to check the documentation of your AccessPoint to figure out what that attribute/value pair should be. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html