On Wed, Aug 1, 2012 at 5:03 AM, Kaya Saman <[email protected]> wrote:
> From what I can see it's quite non-complex config though one needs to
> understand the process of how RADIUS works and additionally the 'radius' way
> of doing things rather than say, a corporate network vendor way.

This helps: http://wiki.freeradius.org/Concepts

> For now I have all the pieces to my jigsaw puzzle, minus defining a VLAN
> (tunnel ID) of last resort so if FR doesn't recognize the L2 address of a
> machine it should give it a specific tunnel-ID (VLAN).

There should be many ways to do that. If you assume that "normal" users would always have ONE Tunnel-Private-Group-Id reply attribute (in radreply), then you should be able to use unlang: http://freeradius.org/radiusd/man/unlang.html

You would then need to do something like this:

- have "sql" module active in authorize block (you should already have that), which would populate reply attributes from rad(group)reply table
- under that, have an unlang block that says "if there's no Tunnel-Private-Group-Id attribute in the reply, then add one". Something like (untested)

    update reply {
        Tunnel-Private-Group-Id = 10
    }

Replace the "10" there with whatever your Tunnel-Private-Group-Id for unknown users is, and the "=" operator will "Add the attribute to the list, if and only if an attribute of the same name is not already present in that list" (see unlang man page).

--
Fajar
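An added example, not part of the original post: the suggestion above placed in an authorize section, extended with the two companion attributes that RFC 3580 specifies for VLAN assignment. VLAN "10" is the placeholder from the post; the surrounding module list is assumed, and the fragment is as untested as the original.

```unlang
authorize {
    # ... other modules already in use ...

    # Populates reply attributes from radreply / radgroupreply.
    sql

    # "=" adds each attribute only if no attribute of the same name is
    # already in the reply list, so values that sql returned for a known
    # MAC address are left alone and only unknown machines get these.
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-Id = "10"    # placeholder VLAN of last resort
    }
}
```

Because "=" is evaluated per attribute, a known user whose radreply row carries only Tunnel-Private-Group-Id keeps that VLAN and gains the two companion attributes.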

