On Thu, Feb 17, 2011 at 02:06:18PM -0500, schilling wrote: > Hi All, > > I get dynamic VLAN assignment working in post-auth section with > help/hints from a lot of list members. Now I want to do one more > steps. I would like to hash the username or mac-address to distribute > users to different VLANs. The idea is to use freeradius to spread the > load on different smaller subnets to reduce the broadcast in bigger > VLANs. > > For example I want to do the following > if ( "%{User-Name}" !~ /@/ ) { > if ( %{User-Name}%2 == 0 ) { > update reply { > Service-Type = "Framed-User" > Tunnel-Type = "VLAN" > Tunnel-Medium-Type = "IEEE-802" > Tunnel-Private-Group-Id = "facstaff0" > } > elsif ( %{User-Name}%2 == 1 ) { > update reply { > Service-Type = "Framed-User" > Tunnel-Type = "VLAN" > Tunnel-Medium-Type = "IEEE-802" > Tunnel-Private-Group-Id = "facstaff1" > } > } > } > > Will I be able to do this in the post-auth with unlang? > > Thanks, > > Schilling >
I did not see how that could be done with just unlang and we implemented it with a perl function that calculated a 32-bit checksum of the User-Name and used that with the modulo function to assign to the appropriate VLAN. Here is the authorize function that we are using: # Function to handle authorize sub authorize { # For debugging purposes only # &log_request_attributes; # Here's where your authorization code comes # You can call another function from here: # &test_call; # # Calculate the 32-bit checksum of the User-Name to use for # assigning the VLAN number. $chksum_username = unpack("%32C*", $RAD_REQUEST{'User-Name'}); if ($RAD_REPLY{'Connect-Info'} =~ /visitor/i) { $RAD_REPLY{'Tunnel-Private-Group-Id'} = "visitor0" . ($chksum_username % 8 + 1); } elsif ($RAD_REPLY{'Connect-Info'} =~ /staff/i) { $RAD_REPLY{'Tunnel-Private-Group-Id'} = "staff0" . ($chksum_username % 8 + 1); } elsif ($RAD_REPLY{'Connect-Info'} =~ /student/i) { $RAD_REPLY{'Tunnel-Private-Group-Id'} = "student0" . ($chksum_username % 8 + 1); } return RLM_MODULE_UPDATED; } Regards, Ken - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html