>Am I correct in saying that the LDAP-attribute that is mapped to >Tunnel-Private-Group-ID would need to be set to the value of the the >VLAN I require? The LDAP-attribute that I wish to use curently >contains values like "ITISCP" and "ENISCP". I want to say if >attribute value == ITISCP set vlan to 226 (ie Tunnel-Private-Group-ID >= 226). Using ldap.attrmap mappings I would need to store the >required vlan in a LDAP attribute. (I can't change the LDAP only read >it). >
No. You can define your own attribute (let's say VLAN-Flag) in raddb/dictionary and use unlang in authorize section to test and set tunnel attributes. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html