This may help you. http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg00001.html
Using the Postauth_users restricting it via a ldap group should work. On Tue, Apr 27, 2010 at 11:50 AM, Gary Gatten <[email protected]> wrote: > Hello all, > > > > I currently have FR v2.1.6 (Yes, I’ll upgrade…) running on RHEL5. I’m > authenticating VPN users and Ci$co device shell access using SAMBA/ntlm_auth > integration. “Everything” is working fine. > > > > My next task is assigning Dynamic VLAN ID’s. I have some test > accounts/ports working using the “users” file, but I’m ready to take the > next step to deploy DVLANs company wide, and want to assign the ID based on > an AD/LDAP attribute. > > > > I prefer not to extend the schema and ideally would be able to assign the > VLAN ID based on a “Group” attribute – so I don’t have to go back and > populate some attribute for a couple thousand users. > > > > Anyway, there are numerous posts about this issue / similar issues. I’m > wondering if there is a “Best Practice” method or “Preferred” method to > accomplish this? A method known to work better than another or works as > well as anything but is “easy” to implement, etc. Or, is this one of those > things where there is a dozen right answers and I just need to pick one and > do it? > > > > Any thoughts appreciated! > > > > TIA! > > > > Gary > > > > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
