Thanks Frank your a wealth of info. I will test it out once Ive finished the cgi frontend for freeradius Ive been askes to code.
On 5/3/07, Ranner, Frank MR <[EMAIL PROTECTED]> wrote: > > -----Original Message----- > > From: > > [EMAIL PROTECTED] > eradius.org [mailto:freeradius-users-> > [EMAIL PROTECTED] On > > Behalf Of Jacob Jarick > > Sent: Wednesday, 2 May 2007 18:28 > > To: FreeRadius users mailing list > > Subject: VLAN Queries > > > > Salutations all, > > > > I will be attempting VLAN assignment tomorrow via FR + ADS + > > cisco wap. > > > > 1st Question: Is it possible to assign VLAN based solely on > > what ldap server authorized it. (The sites we are looking @ > > have 1 domain server for staff and 1 for students). > > > > 2: Ive been looking @ Mat Ashfields email query regarding > > vlans, it looks nice and straight forward to me, my only > > query: Is the ldap group automatically fetched or is some > > extra configuration needed under the ldap modules or ldap.attrbmap. > > > > Mats Example: > > > > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff > > User-Name=`%{User-Name}`, > > Tunnel-Private-Group-Id=176, > > Tunnel-Type=VLAN, > > Fall-Through = no > > > > DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student > > User-Name=`%{User-Name}`, > > Tunnel-Private-Group-Id=177, > > Tunnel-Type=VLAN, > > Fall-Through = no > > > > An ldap group query is triggered by the presence of the Ldap-Group > attribute in the users file. The query uses the groupmembership_filter > to locate the entry relevent to the user and matches the groupname in > the > groupmembership_attribute. For active directory, you probably want the > memberOf attribute in the person record. > > Something like (radiusd.conf): > groupmembership_filter = > "(samaccountname=%{Stripped-User-Name:-%{User-Name}})" > groupname_attribute = memberOf > > > Regards > Frank Ranner > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
