i could'nt imagine that would be so simple. i'll try that next time [?]
thank u 2010/3/18 Bob Brandt <[email protected]> > In the users file do this: > > DEFAULT Ldap-Group == "cn=InsideGroup,o=Base" > Reply-Message = "Your a member of the Inside Group", > Tunnel-Medium-Type = IEEE-802, > Tunnel-Type = VLAN, > Tunnel-Private-Group-ID = 11, > Fall-Through = No > > DEFAULT Auth-Type == "LDAP" > Reply-Message = "You did not match a LDAP Group", > Tunnel-Medium-Type = IEEE-802, > Tunnel-Type = VLAN, > Tunnel-Private-Group-ID = 99 > > All members of the InsideGroup will get the first group of attributes and > the FreeRadius will stop looking. > Everyone else who authenticated through LDAP will get the second group of > attributes. > > Bob > > On Thu, Mar 18, 2010 at 8:59 AM, omega bk <[email protected]> wrote: > >> hi, >> >> assume that the switch does not support the "auth-fail" and has 2 vlan ( >> vlan inside and vlan outside ), is it possible in the users file to put a >> condition like: >> >> if (user belong to Ldap-group=inside) >> assign to vlan = inside >> else >> assign to vlan = outside >> >> is that possible ? >> >> >> thanks >> >> >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > The problem with socialism is that you eventually run out of other people's > money. - Margaret Thatcher > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
<<330.gif>>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
