Hi,
> elsif (Ldap-Group == "netCoreClass-finance") {
> update reply {
> Tunnel-Private-Group-Id:1 := 124
> }
> }
> Authentication is against Active Directory. So while a user may get
> assigned to a VLAN based of their group membership, if they fail to
> actually authenticate I want to change what VLAN they are assigned to
> (want to put them into a guest VLAN).
> How can I update reply attributes further down the chain?
else {
update reply {
Tunnel-Private-Group-Id:1 := 666
}
> The reason I am doing this is I have an old Cisco wireless LAN controller
> that can't fall back to MAC 802.1x authentication. Therefore if a user
> fails with their credentials they fail to authenticate all together. So
> when coming from the wireless LAN controller I want always Accept.
what type of system is this? 802.1X ? if so, then you cant just blindly
Access-Accept
EAP auths if they've got incorrect user/pass - the WPA/WPA2 enterprise key is
derived from
mutual agreement.
if, however, this is just eg PAP with some captive portal thing then that'd
work.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
