Fabrizio Vecchi wrote: > I guess at the end of the day my question boils down to the following: > where should I put the MAC check, so that the user gets assigned to the > right VLAN?
In post-auth. > If I put it in the authorize part of sites-enabled/default, the VLAN > update request will get overwritten by the post-auth part of > sites-enabled/inner-tunnel; The default configuration for the inner-tunnel does *not* set a VLAN in post-auth. So one configuration you added prevents you from using another configuration you added. > and if I put it in the post-auth of the file > sites-enabled/default file (which gets executed after inner-tunnel), the > authorized_macs function always returns noop. Delete the "set VLAN" stuff from the post-auth of the inner tunnel. As you've seen, it breaks the other configuration you're trying to use. When you put "authorized_macs" into the "post-auth", it runs the "post-auth" processing. Which doesn't read the "users" file... as the "users" file is done only in the "authorize" section. You should be able to put "authorized_macs.authorize" in the post-auth section. That will make it process the "users" file, and do what you want. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
