Can someone share a working config that returns a VLAN in a radius reply based on a memberof match? I can't seem to get PF to return a vlan/role for anything other than what's defined in the node...
Here is my config if it helps, from authentication.conf:

[TLGAD]
cache_match=0
read_timeout=10
realms=tlg
password=****
searchattributes=
scope=sub
binddn=cn=****,dc=jamesburg,dc=local
port=389
description=Local AD
write_timeout=5
type=AD
basedn=dc=jamesburg,dc=local
monitor=1
set_access_level_action=
shuffle=0
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=1
encryption=none
host=10.100.50.15
dynamic_routing_module=AuthModule

[TLGAD rule mcnutt]
action0=set_access_level=ALL
condition0=sAMAccountName,contains,mcnutt
match=all
class=administration
description=mcnutt

[TLGAD rule TEST-CORP-LAN]
action0=set_role=CORP-LAN
condition0=sAMAccountName,contains,mcnutt (just testing to make sure my rule hits)
match=any
class=authentication
action1=set_access_duration=5D

[TLGAD rule catchall]
action0=set_access_duration=5D
match=all
class=authentication
action1=set_role=CORP-LAN

CORP-VLAN on a given switch maps to VLAN 120, but the vlan is never returned in the radius reply. Only when I chose that role for the device in the node settings do the 3 vlan attributes get re-assigned.

Robert McNutt
