Matt Ashfield wrote:
> Hi,
>
> We'd like to use FR to assign users on our wired network to one of 30
> different vlans on campus, based on an LDAP field. Currently, we are doing
> this with huntgroups. Namely, we create a huntgroup for the NAS (in our
> case, a network switch), and then in the users file, we put the following:

Credit to Alan DeKok for this idea - it was one of the first questions I asked on the list. Use two rlm_passwd modules to add "fake" items to the *request*:

    passwd nas2building {
        file = /etc/raddb/nas2building
        format = "*NAS-IP-Address:~MyBuilding"
        hashsize = 100
    }

    passwd user2vlantype {
        file = /etc/raddb/user2vlantype
        format = "*User-Name:~MyVlanType"
        hashsize = 100
        allowmultiplekeys = yes
    }

...then in the users file you reduce NxM to AxB which is a hopefully smaller combination:

    DEFAULT MyBuilding == "facility1", MyVlanType == "guests"
        ...

    DEFAULT MyBuilding == "facility1", MyVlanType == "staff"
        ...

Note that if you're caching the files, FreeRadius will need to be HUPed to re-read them (boo!). Also, you'll need to add the MyXXX attributes to the dictionary like so:

    ATTRIBUTE MyBuilding 3000 string
    ATTRIBUTE MyVlanType 3001 string

This could also be done cleaner (but slower) with cleverly designed SQL tables or stored procedures.
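
The two-stage lookup described above, as an added illustration that is not part of the original post and is not FreeRADIUS code: a Python model that resolves NAS-IP-Address to MyBuilding and User-Name to MyVlanType, matches the pair against the rules, and lists pairs that no rule covers. The file contents, VLAN ids, function names and the file-order handling of multiple records are all assumptions made for the example.

```python
# Added example: models the two lookups and the users-file match in Python.
# File contents, VLAN ids and function names are constructed for illustration.
NAS2BUILDING = """\
10.1.0.2:facility1
10.1.0.3:facility1
10.2.0.2:facility2
"""
USER2VLANTYPE = """\
alice:staff
bob:guests
carol:staff
carol:guests
"""
# (MyBuilding, MyVlanType) -> VLAN id, standing in for the DEFAULT entries.
RULES = {
    ("facility1", "guests"): 110,
    ("facility1", "staff"): 120,
    ("facility2", "staff"): 220,
}

def load(text):
    """Parse 'key:value' lines into key -> [values], keeping every record."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            table.setdefault(key, []).append(value)
    return table

def assign_vlan(nas_ip, user, nas_tbl, user_tbl, rules=RULES):
    """VLAN of the first matching rule, or None when nothing matches.
    Trying multiple records in file order is this model's assumption."""
    for building in nas_tbl.get(nas_ip, []):
        for vtype in user_tbl.get(user, []):
            if (building, vtype) in rules:
                return rules[(building, vtype)]
    return None

def uncovered(nas_tbl, user_tbl, rules=RULES):
    """(building, vlantype) pairs the files can produce that no rule handles."""
    buildings = {b for vals in nas_tbl.values() for b in vals}
    vtypes = {t for vals in user_tbl.values() for t in vals}
    return sorted((b, t) for b in buildings for t in vtypes if (b, t) not in rules)

if __name__ == "__main__":
    nas, users = load(NAS2BUILDING), load(USER2VLANTYPE)
    print(assign_vlan("10.1.0.2", "alice", nas, users))  # 120
    print(uncovered(nas, users))
```

A None result or a non-empty uncovered() list marks requests that would fall through every DEFAULT entry, which is where a restricted-VLAN or reject fallback needs to be defined.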