Steven Carr wrote:
> That is the issue, I do not know what attributes we do want, only what
> we don't want.

  If you don't want the attributes, it would be simplest to not add them
in the first place.

> We only want to send back the VLAN switching dot1x attributes if the
> request comes from a particular huntgroup (containing devices that are
> allowed to do dot1x), the problem being one of these attributes is
> stored in LDAP (the actual VLAN number to put someone in).

  You can map that VLAN number to a server-side attribute.  Then, copy
it to the correct tunnel attribute when you want.

  e.g. map it to Tmp-String-0, (ldap.attrmap), and then do:


        if (... i want to send vlan) {
                update reply {
                        Tunnel-Private-Group-Id = "%{Tmp-String-0}"
                        ...
                }
        }

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
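
The approach described in the reply above, written out as an added example (not part of the original message or the FreeRADIUS distribution): the VLAN number is held server-side and only copied into the reply for requests from the dot1x huntgroup. Assumptions: FreeRADIUS 2.x `ldap.attrmap` syntax, a placeholder LDAP attribute `radiusVlanId`, a hypothetical huntgroup name `dot1x-switches`, and a `checkItem` mapping, which places the value in the control list, so it is read as `control:Tmp-String-0`.

```unlang
# --- ldap.attrmap ---------------------------------------------------------
# Format: ItemType   RADIUS-Attribute   LDAP-Attribute
# "radiusVlanId" is a placeholder for the LDAP attribute that stores the
# VLAN number. Mapping it as a checkItem keeps the value in the control
# list, so it is never sent to the NAS by default.
checkItem	Tmp-String-0	radiusVlanId

# --- virtual server (e.g. sites-enabled/default) --------------------------
# Huntgroup-Name is added to the request by the preprocess module, based on
# the huntgroups file. "dot1x-switches" is a hypothetical huntgroup name.
post-auth {
	# Send VLAN attributes only when the request came from a dot1x-capable
	# device AND LDAP actually returned a VLAN number for this user.
	if (Huntgroup-Name == "dot1x-switches" && control:Tmp-String-0) {
		update reply {
			Tunnel-Type = VLAN
			Tunnel-Medium-Type = IEEE-802
			Tunnel-Private-Group-Id = "%{control:Tmp-String-0}"
		}
	}
	# Requests from any other huntgroup get no tunnel attributes,
	# because none were ever added to the reply.
}
```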