I think part of my problem is that I do not have the VLANs defined in the Access Point. I incorrectly assumed that the AP would receive the VLAN info from the RADIUS server, and tag all outgoing packets from the wireless client with that tag. However, I'm starting to think that that is completely incorrect?! I should probably be creating all the VLANs within the AP, right? If that's the case, it looks like I need a separate SSID per VLAN (using Avaya gear here). I really hope that is not the case.

Thanks
Matt
[EMAIL PROTECTED]

-----Original Message-----
From: Thibault Le Meur [mailto:[EMAIL PROTECTED]
Sent: September 27, 2006 2:03 PM
To: [EMAIL PROTECTED]
Cc: 'FreeRadius users mailing list'
Subject: RE : RE : assigning vlan based on LDAP attribute

> My ldap section from radiusd.conf looks like:
> ldap {
>     server = "ldapserver.net.org"
>     identity = "uid=name,dc=net,dc=org"
>     password = password
>     basedn = "ou=stuffdc=net,dc=org"
>     filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>     start_tls = no
>     dictionary_mapping = ${raddbdir}/ldap.attrmap
>     ldap_connections_number = 5
>     password_attribute = userPassword
>     groupmembership_attribute = eduPersonPrimaryAffiliation
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
> }

It seems ok to me...

> My users file contains the following at the end:
> DEFAULT Huntgroup-Name == myAP, Ldap-Group == staff
>     User-Name=`%{User-Name}`,
>     Tunnel-Medium-Type=IEEE-802,
>     Tunnel-Private-Group-Id=2,
>     Tunnel-Type=VLAN,
>     Fall-Through = no
>
> My huntgroups file has:
> myAP NAS-IP-Address == x.x.x.141
>
> In my Debug I noticed that although I have them commented out
> of radiusd.conf, I still see:
> Debug: ldap: groupname_attribute = "cn"
> Debug: ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"

Strange...

> You asked:
> * is your AP accepting Tunnel-Private-Group-Id=2 (I've got AP
> which uses other format). How do I check that?

Check in your AP documentation? But this format is the most commonly used, so I don't think this is the issue. Can you send a more complete debug.

Thibault

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html