We'd like to setup the following: A workstation is booted, the supplicant asks for the credentials, the cisco switch pa sses the credentials to a freeradius server, freeradius authenticates the user to an edirectory ldap server, freeradius decides which Tunnel-Private-Group-Id to send bac k to the switch to place the user into the correct VLAN.
The authentication/authorization works fine. The cisco switch accepts the returned VL AN info if we 'hard code it into the users files such as with: DEFAULT Tunnel-Private-Group-ID:1 := 901 Tunnel-Type:1 = VLAN, Tunnel-Medium-Type:1 = IEEE-802 We attempted to make the configuration more generic by setting Tunnel-Private-Group-I D equal to an LDAP attribute in ldap.attrmap. This would automatically associate the VLAN ID w/ the user. replyItem Tunnel-Private-Group-ID ourldapattribforthevlan That didn't work because freeradius wasn't associating a tag with the attribute(or wa s setting it to zero when responding to the switch. A wireshark capture confirmed the 0 tag. We attempted to add a :1 after Tunnel-Private-Group-ID, but that didn't pan o ut either. We then attempted to use unlang in the users file to accomplish the same thing. (Tunn el-Client-Endpoint was added to ldap.attrmap as dummy variable to hold the 'ourldapat tribforthevlan' from LDAP) DEFAULT Tunnel-Private-Group-ID:1 := `%{reply:Tunnel-Client-Endpoint}`, Tunnel-Type:1 = VLAN, Tunnel-Medium-Type:1 = IEEE-802 With this configuration, we tried countless combinations of backticks, single quotes, and double quotes. The best response we could send back to the switch was: Tunnel-Type:1 = VLAN Tunnel-Medium-Type:1 = IEEE-802 Tunnel-Private-Group-Id:1 = "" Has anyone else come across the issue with Cisco not dealing w/ 0 tags? Is there a wa y to use unlang to pull in the variables to be used in the users file? Thank you for taking the time to read this. After a couple of days of searching, we s till haven't come up w/ the correct search terms for google. Thank you, Mike Coles -- This message was sent on behalf of [EMAIL PROTECTED] at openSubscriber.com http://www.opensubscriber.com/messages/freeradius-users@lists.freeradius.org/topic.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html