"Bill Carr" <[EMAIL PROTECTED]> wrote: > My pseudo-code thought process is outlined below (I'm not a coder, would > never profess to be; thus my post!): > > if NAS-Port-Type == "Wireless - IEEE 802.11" > > then > > Tunnel-Medium-Type == IEEE-802 > Tunnel-Type == VLAN > > if Filter-ID =~ "Internet-Restricted"
That won't work. The NAS doesn't send Filter-Id. You've got to configure the server to send the correct response back. > My reading thus far has lead me to test my reply attribute requirements > from the "users" file and that works perfectly. If someone could point > me in a simple direction on how to strip/rewrite the attributes based on > the 'authorization' reply from LDAP, I'd be indebted. I don't see why that's necessary. Configuring the server to do something, then re-do what it already did as something else, is a bad idea. It's hard to configure, and prone to problems. Instead, configure the server to match on something, and send a reply. It's a lot easier. > I've seen examples of profiles stored on LDAP, but I'm curious how > I could choose a different profile based upon the "NAS-Port-Type" > received in the Access-Request You put the NAS-Port-Type into the LDAP query. That's hwy the queries are configurable. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html