On 8/7/09 14:36, Ivan Kalik wrote: > Well, reply attributes don't appear from nowhere - *you* configure them! > List what you want to leave in the packet (lets say Service-Type) - rest > will be deleted.
That is the issue, I do not know what attributes we do want, only what we don't want. We only want to send back the VLAN switching dot1x attributes if the request comes from a particular huntgroup (containing devices that are allowed to do dot1x), the problem being one of these attributes is stored in LDAP (the actual VLAN number to put someone in). The idea is that the RADIUS server is also going to process other authentication requests aswell as dot1x requests, but to ensure that nothing gets triggered on other devices (Wireless etc.) these attributes can't be sent back devices that aren't allowed for dot1x. We can't be the only people wanting to do this? Or do you have any other suggestions as to how this can be achieved? Thanks Steve -- Steven Carr Systems Development Officer SLS/ITS/Systems - (0191) 515 3953
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html