Thanks Frank, you're a wealth of info. I will test it out once I've
finished the cgi frontend for freeradius I've been asked to code.
On 5/3/07, Ranner, Frank MR [EMAIL PROTECTED] wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jacob Jarick
Sent: Wednesday, 2 May 2007 18:28
To: FreeRadius users mailing list
Subject: VLAN Queries
Salutations all,
I will be attempting VLAN assignment tomorrow via FR + ADS +
cisco wap.
1st Question: Is it possible to assign VLAN based solely on
what ldap server authorized it? (The sites we are looking @
have 1 domain server for staff and 1 for students).
2: I've been looking @ Mat Ashfield's email query regarding
vlans, it looks nice and straightforward to me, my only
query: Is the ldap group automatically fetched or is some
extra configuration needed under the ldap modules or ldap.attrmap?
Mat's Example:
DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff
        User-Name=`%{User-Name}`,
        Tunnel-Private-Group-Id=176,
        Tunnel-Type=VLAN,
        Fall-Through = no
DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student
        User-Name=`%{User-Name}`,
        Tunnel-Private-Group-Id=177,
        Tunnel-Type=VLAN,
        Fall-Through = no
An ldap group query is triggered by the presence of the Ldap-Group
attribute in the users file. The query uses the groupmembership_filter
to locate the entry relevant to the user and matches the groupname in
the groupmembership_attribute. For active directory, you probably want the
memberOf attribute in the person record.
Something like (radiusd.conf):
        groupmembership_filter = (samaccountname=%{Stripped-User-Name:-%{User-Name}})
        groupname_attribute = memberOf
Regards
Frank Ranner
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
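Added example, not part of the original thread and not FreeRADIUS code: a small Python model of how the two DEFAULT entries quoted above are evaluated in file order, useful for checking which VLAN a given group membership ends up in before the policy goes live. The functions parse_users, authorize and vlan_for are hypothetical names, the sample is reduced to the VLAN reply items, and the Ldap-Group check is simplified to a set lookup instead of a real LDAP query.

```python
import re

# Constructed sample in users-file layout: check items on the first line,
# indented reply items below (values mirror the example in the thread).
USERS = """\
DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff
    Tunnel-Private-Group-Id = 176,
    Tunnel-Type = VLAN,
    Fall-Through = no
DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student
    Tunnel-Private-Group-Id = 177,
    Tunnel-Type = VLAN,
    Fall-Through = no
"""

def parse_users(text):
    """Return a list of (check_items, reply_items) dicts, in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                  # new entry: name + check items
            _name, _, checks = line.partition(" ")
            pairs = re.findall(r"([\w-]+)\s*==\s*([^,\s]+)", checks)
            entries.append((dict(pairs), {}))
        elif entries:                              # reply item of the current entry
            key, _, value = line.strip().rstrip(",").partition("=")
            entries[-1][1][key.strip()] = value.strip()
    return entries

def authorize(entries, huntgroup, ldap_groups):
    """First-match evaluation; Ldap-Group is modelled as a set lookup (assumption)."""
    reply = {}
    for checks, items in entries:
        if checks.get("Huntgroup-Name", huntgroup) != huntgroup:
            continue
        if "Ldap-Group" in checks and checks["Ldap-Group"] not in ldap_groups:
            continue
        reply.update(items)
        if reply.pop("Fall-Through", "no").lower() != "yes":
            break                                  # Fall-Through = no stops here
    return reply

def vlan_for(huntgroup, ldap_groups):
    """VLAN ID the sample policy hands out, or None when no entry matches."""
    reply = authorize(parse_users(USERS), huntgroup, set(ldap_groups))
    return reply.get("Tunnel-Private-Group-Id")

if __name__ == "__main__":
    for groups in (["staff"], ["student"], ["student", "staff"], ["guest"]):
        print(groups, "->", vlan_for("mySWITCH1", groups))
```

In this model a user who is in both groups gets the first matching entry (VLAN 176), and a user in neither group gets no tunnel attributes at all, so both cases are worth testing against the real server and access point.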