Hi guys, I want to assign a VLAN based on group entries and users on the LDAP server. Actually my schema is divided in this way:
ou=groups
 -- cn=admin-vlan (with radiusProfile and items to set VLAN ID)
 -- cn=dev-vlan
ou=people
 -- cn=testusers (that is a uniqueMember of admin-vlan)

The only configuration that works is:

ldap conf:

    ldap server1 {
        #
        # Note that this needs to match the name in the LDAP
        # server certificate, if you're using ldaps.
        server = "x.x.x.x"
        identity = "cn=Administrator,dc=mydomain,dc=com"
        password = passs
        basedn = "dc=mydomain,dc=com"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        groupname_attribute = cn
        groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
    }

users file:

    DEFAULT Ldap-Group == admin-vlan
            Service-Type = Framed-User,
            Tunnel-Type = VLAN,
            Tunnel-Medium-Type = IEEE-802,
            Tunnel-Private-Group-ID = 10

    DEFAULT Ldap-Group == dev-vlan
            Service-Type = Framed-User,
            Tunnel-Type = VLAN,
            Tunnel-Medium-Type = IEEE-802,
            Tunnel-Private-Group-ID = 9

    DEFAULT LDAP-Group != "admin-vlan", Auth-Type := Reject

    DEFAULT LDAP-Group != "dev-vlan", Auth-Type := Reject

Is there a possibility to get "Tunnel-Private-Group-ID and others" from the LDAP groups and not the users file? I've read docs/rlm_ldap many times but can't get out of this problem :(

Is it possible to do this configuration in conjunction with a redundant LDAP configuration?

Thanks!