Hi, > authenticate correctly and he'd be given access at this point. But if we > could get Radius to check and LDAP field which say which vlan he has access > to, and allow or deny access to the network if the user is not currently in > that vlan, then I guess that would be the ideal solution.
thats exactly one way to do it - use the LDAP checking for group attribute. other ways depend on how your directory is configured, do you have other attributes, are the userid's obvious etc? rlm_perl can then be used, for example to query and set the VLAN attribute correctly (if the WLAN kit supports such attributes) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html