Hello all, I currently have FR v2.1.6 (Yes, I'll upgrade...) running on RHEL5. I'm authenticating VPN users and Ci$co device shell access using SAMBA/ntlm_auth integration. "Everything" is working fine.
My next task is assigning Dynamic VLAN ID's. I have some test accounts/ports working using the "users" file, but I'm ready to take the next step to deploy DVLANs company wide, and want to assign the ID based on an AD/LDAP attribute. I prefer not to extend the schema and ideally would be able to assign the VLAN ID based on a "Group" attribute - so I don't have to go back and populate some attribute for a couple thousand users. Anyway, there are numerous posts about this issue / similar issues. I'm wondering if there is a "Best Practice" method or "Preferred" method to accomplish this? A method known to work better than another or works as well as anything but is "easy" to implement, etc. Or, is this one of those things where there is a dozen right answers and I just need to pick one and do it? Any thoughts appreciated! TIA! Gary
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html