Matthieu Lazaro wrote:
> OK, so tell me where to implement complex policies?

I've been trying.

You need to write down what you have (in RADIUS packets, LDAP, etc.). You need to write down what you want (contents of reply packets, behaviors, etc.). You then need to write down a process for converting one into the other.

This is programming. It is practically and theoretically impossible to describe how to write any program. You MUST figure it out for yourself.

> And when you say "that cannot be implemented with the LDAP module", do
> you mean that all those fields added by RADIUS-LDAPv3.schema are useless?

Ah, yes. You didn't get *exactly* what you wanted, so you're looking for ways to fight back, and claim that the software is crappy.

> And finally, can you say that when a dumb user plugs in the wrong VLAN,
> like an admin VLAN, I cannot deny him or put him automatically in the
> right VLAN with radius?

I didn't say that, and no amount of distortion of my messages could lead you to believe I said that.

You seemed to have turned my response of "assign users into a vlan", into "you cannot assign users into a vlan". While ingenious, it is distinctly unproductive.

As a simple hint: Why the HELL do you care which VLAN the user is requesting? Just assign them to the right VLAN. If the switch doesn't enforce that VLAN assignment, then BLAME THE SWITCH. Don't blame FreeRADIUS, like most people do in this situation.

Again, you are going out of your way to create complexity where none is necessary. This causes you to be confused about how the server works. It causes you to try to configure impossible things. It causes you to be rude on the list when we tell you "don't do it that way."

Alan DeKok.

