I'm a bit confused on this one. I want my users vlan'd based on their affiliation (ie, staff, student) In my radiusd.conf file, under ldap, I've put:
groupmembership_attribute = eduPersonPrimaryAffiliation Do I need to do more in my radiusd.conf file than that? I assume this means assign them to a group based on the value stored in the LDAP field eduPersonPrimaryAffiliation I then added to my users file: DEFAULT Huntgroup-Name == myAP, Ldap-Group == staff User-Name=`%{User-Name}`, Tunnel-Medium-Type=IEEE-802, Tunnel-Private-Group-Id=2, Tunnel-Type=VLAN, Fall-Through = no But this doesn't seem to work. My staff users do not get assigned to vlan 2. Do I need to make a huntgroup for myAP? If there's a link to an overview or something, it would be much appreciated. Any help is appreciated. Thanks Matt [EMAIL PROTECTED] -----Original Message----- From: Thibault Le Meur [mailto:[EMAIL PROTECTED] Sent: July 28, 2006 5:37 PM To: FreeRadius users mailing list; Thibault Le Meur Cc: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: assigning vlan based on LDAP attribute > One way to do that is to use LDAP groups. If your users are in > dedicated LDAP groups, then a rule like the following in your "users" > file will do the trick: > DEFAULT Huntgroup-Name == myAP, Ldap-Group == Engineering > User-Name=`%{User-Name}`, > radiusTunnelMediumType: IEEE-802 > radiusTunnelType: VLAN > radiusTunnelPrivateGroupId: 2 > Fall-Through = no Sorry... my mistake, use the following rule instead: DEFAULT Huntgroup-Name == myAP, Ldap-Group == Engineering User-Name=`%{User-Name}`, Tunnel-Medium-Type=IEEE-802 Tunnel-Private-Group-Id=2 Tunnel-Type=VLAN Fall-Through = no Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html