On Fri, Feb 13, 2009 at 9:12 PM, Michael Schwartzkopff <mi...@multinet.de> wrote:
> On Friday, 13 February 2009 11:00:10, Paul Dealy wrote:
>> On Fri, Feb 13, 2009 at 6:37 PM, Michael Schwartzkopff <mi...@multinet.de> wrote:
>> > On Friday, 13 February 2009 07:17:17, Paul Dealy wrote:
>> >> I have a working radius server (ver 1.1.3), which I am using for
>> >> 802.1x authentication of wired switch ports. I would like to
>> >> dynamically assign users vlans. I have Cisco gear and have achieved
>> >> basic vlan allocation by configuring a Default entry in the users
>> >> file. So the vlan allocation part works ok.
>> >>
>> >> What I want to be able to do is allocate the vlan by matching the
>> >> value of an LDAP attribute. Not by group membership, but the actual
>> >> value of a user's attribute. Is this possible?
>> >>
>> >> Cheers,
>> >> Dealy
>> >
>> > Yes. Just assign these attributes to the user object in LDAP.
>>
>> I have a value set for an attribute in LDAP, how do I "extract" the
>> value from the attribute and do a comparison on it in the users file
>> so I can set the VLAN?
>
> Hi,
>
> I don't remember exactly what I did on version 1. Please see:
> http://vuksan.com/linux/dot1x/802-1x-LDAP.html
> for some hints.
>
> I had something like
>
> DEFAULT Auth-Type .= LDAP
>         Reply-Message = "Auth by LADP"
>
> in my users file. Other attributes stored in an object of objectClass
> radiusprofile should be added automatically to the Reply attributes.

I don't actually want to add radiusprofile attributes to my LDAP. The users already have an attribute which identifies their department. I want to be able to say if "department attribute = X then allocate VLAN Y". Can this be done without specifically setting the vlan etc as radiusprofile attributes? Also I am not using ldap for the authentication, just authorization. The authentication is done using ntlm_auth.

> It is much simpler in version 2 of FreeRADIUS. It nearly works out of the box.
> Just uncomment the ldap part in authorization and authentication sections.
>
> Greetings,
>
> --
> Dr. Michael Schwartzkopff
> MultiNET Services GmbH
> Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
> Tel: +49 - 89 - 45 69 11 0
> Fax: +49 - 89 - 45 69 11 21
> mob: +49 - 174 - 343 28 75
>
> mail: mi...@multinet.de
> web: www.multinet.de
>
> Registered office: 85630 Grasbrunn
> Commercial register: Amtsgericht München HRB 114375
> Managing directors: Günter Jurgeneit, Hubert Martens
>
> ---
>
> PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
> Skype: misch42
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html