All, I would appreciate comments on:
http://bugs.freeradius.org/show_bug.cgi?id=477 This allows slightly more flexibility. Obviously tricks like this are obsolete in 2.x but we're not there yet. We'll be running this locally - I'd very much like it accepted upstream if possible. Usage would be: /etc/raddb/hints: # lookup the machine zone in SQL DEFAULT Zone = `%{sql:...}`, Fall-Through = yes # strip the leading 3 bytes from MAC addresses DEFAULT Calling-Station-Id =~ "(..):(..):(..):..:..:.." Vendor = `%{1}-%{2}-%{3}` /etc/raddb/eth2name (used in a "passwd" to map Vendor to VendorName): 00-0c-29:virtual-vmware 00-16-3e:virtual-xen /etc/raddb/users: # don't send banned vlan to virtual machines DEFAULT VendorName =~ "virtual.*", Zone == "banned", Auth-Type := Reject # real machines get a banned vlan as opposed to rejection DEFAULT Zone == "banned" Tunnel-Medium-Type = IEEE-802, Tunnel-Type = VLAN, Tunnel-Private-Group-Id = `%{sql:...}` - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html