Where coudl I put this code Authorize, autenticate, postatuh, ldap module?
2009/8/18 Jason Alderfer <j...@emu.edu>: > >> So, I'm trying to use 802.1x dynamic VLAN assignment. I have this >> working when I conf the "users" file. However, I don't want to >> create/maintain the users file for 2,000 users! >> >> Is there an attribute in AD / LDAP I can use for the dynamic VLAN? >> Ideally I could do this at the "Group" level, such that when a user >> moves from one group to another their automagically assigned to the >> correct VLAN. > > If you're using version 2.0.5 or higher you can do this with unlang as > follows. This example sets the vlan based on the user's DN, but you > should be able to modify it to look at your group membership attribute. > Repeat for all relevant ldap groups. > > if (control:Ldap-UserDn =~ /ou=div,o=org/i) { > update reply { > Tunnel-Type := "VLAN" > Tunnel-Medium-Type := "IEEE-802" > Tunnel-Private-Group-Id := 9 > } > } > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html