Am Freitag, 13. Februar 2009 11:00:10 schrieb Paul Dealy: > On Fri, Feb 13, 2009 at 6:37 PM, Michael Schwartzkopff > > <mi...@multinet.de> wrote: > > Am Freitag, 13. Februar 2009 07:17:17 schrieb Paul Dealy: > >> I have a working radius server (ver 1.1.3). which I am using for > >> 802.1x authentication of wired switch ports. I would like to > >> dynamically assign users vlans. I have cisco gear and have achieved > >> basic vlan allocation by configuring a Default entry in the users > >> file. So the vlan allocation part works ok. > >> > >> What I want to be able to do is allocate the vlan by matching the > >> value of an LDAP attribute. Not by group membership, but the actual > >> value of a users attribute. Is this possible? > >> > >> Cheers, > >> Dealy > > > > Yes. Just assign these attributes to the user object in LDAP. > > I have a value set for an attribute in LDAP, how do I "extract" the > value from the attribute and do a comparison on it in the users file > so I can set the VLAN?
Hi, I don't remember exactly what I did on version 1. Please see: http://vuksan.com/linux/dot1x/802-1x-LDAP.html for some hints. I had something like DEFAULT Auth-Type .= LDAP Reply-Message = "Auth by LADP" in my users file. Other attributes stored in an object of objectClass radiusprofile should be added automatically to the Reply attributes. It is much simpler in verison 2 of FreeRADIUS. It nearly works out of the box. Just uncomment the ldap part in authorization and authentication sections. Greetings, -- Dr. Michael Schwartzkopff MultiNET Services GmbH Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany Tel: +49 - 89 - 45 69 11 0 Fax: +49 - 89 - 45 69 11 21 mob: +49 - 174 - 343 28 75 mail: mi...@multinet.de web: www.multinet.de Sitz der Gesellschaft: 85630 Grasbrunn Registergericht: Amtsgericht München HRB 114375 Geschäftsführer: Günter Jurgeneit, Hubert Martens --- PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html