In the users file do this:

DEFAULT Ldap-Group == "cn=InsideGroup,o=Base"
    Reply-Message = "Your a member of the Inside Group",
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Type = VLAN,
    Tunnel-Private-Group-ID = 11,
    Fall-Through = No

DEFAULT Auth-Type == "LDAP"
    Reply-Message = "You did not match a LDAP Group",
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Type = VLAN,
    Tunnel-Private-Group-ID = 99

All members of the InsideGroup will get the first group of attributes and
FreeRADIUS will stop looking.

Everyone else who authenticated through LDAP will get the second group of
attributes.

Bob

On Thu, Mar 18, 2010 at 8:59 AM, omega bk <[email protected]> wrote:
> hi,
>
> assume that the switch does not support the "auth-fail" and has 2 vlan (
> vlan inside and vlan outside ), is it possible in the users file to put a
> condition like:
>
> if (user belong to Ldap-group=inside)
> assign to vlan = inside
> else
> assign to vlan = outside
>
> is that possible ?
>
>
> thanks
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
The problem with socialism is that you eventually run out of other people's
money. - Margaret Thatcher
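
The first-match behaviour described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified Python model of users-file evaluation (entries in file order, `==` check items, `=` reply items, Fall-Through). The `facts` dict and the user names are assumptions standing in for the LDAP group lookup and the Auth-Type the server would determine.

```python
import re

# The two entries from the reply above; reply items are the indented lines.
USERS = '''\
DEFAULT Ldap-Group == "cn=InsideGroup,o=Base"
    Reply-Message = "Your a member of the Inside Group",
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Type = VLAN,
    Tunnel-Private-Group-ID = 11,
    Fall-Through = No

DEFAULT Auth-Type == "LDAP"
    Reply-Message = "You did not match a LDAP Group",
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Type = VLAN,
    Tunnel-Private-Group-ID = 99
'''
ITEM = re.compile(r'([\w-]+)\s*==?\s*(?:"([^"]*)"|([^,\s]+))')

def items(text):
    return [(attr, quoted or bare) for attr, quoted, bare in ITEM.findall(text)]

def parse(text):
    """Return [(name, check_items, reply_items)] in file order."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace():                    # indented line: reply items
            entries[-1][2].extend(items(line))
        else:                                    # header: name + check items
            name, _, rest = line.partition(" ")
            entries.append((name, items(rest), []))
    return entries

def evaluate(entries, username, facts):
    """facts (assumed input): attribute -> set of values an == check matches."""
    reply = {}
    for name, checks, replies in entries:
        if name not in ("DEFAULT", username) or \
           not all(v in facts.get(a, ()) for a, v in checks):
            continue                             # entry does not apply
        for attr, value in replies:
            if attr != "Fall-Through":
                reply.setdefault(attr, value)    # '=' never overwrites an earlier value
        if dict(replies).get("Fall-Through", "No").lower() != "yes":
            break                                # first match wins unless Fall-Through = Yes
    return reply

def vlan(username, facts):
    return evaluate(parse(USERS), username, facts).get("Tunnel-Private-Group-ID")
```

In this model a request that matches neither entry gets no Tunnel-Private-Group-ID at all, so the VLAN it lands in is whatever the switch port defaults to.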