depending on
the correctness of a password. This is an authorization question - what
kind of access will the authenticated user be given?
-Original Message-
From: Jason Alderfer [mailto:j...@emu.edu]
Sent: Monday, August 24, 2009 2:10 PM
To: Gary Gatten
Subject: RE: Dynamic VLAN
So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
working when I conf the users file. However, I don't want to
create/maintain the users file for 2,000 users!
Is there an attribute in AD / LDAP I can use for the dynamic VLAN?
Ideally I could do this at the Group level,
Where coudl I put this code Authorize, autenticate, postatuh, ldap module?
Authorize
So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
working when I conf the users file. However, I don't want to
create/maintain the users file for 2,000 users!
Is there an attribute in
Use the script command.
man script
How can I get the log or the out of it? It is so long that the terminal
doesn't allow me to scroll all the way back to the top. Is there a log? I
found radius.log, but it had nothing. Is there a command to generate the
log? Thanks. I know I am close
Jason Alderfer wrote:
I would like to convert the following users file entry to unlang code in
2.0.4.
DEFAULT Ldap-Group == cn=not_student,ou=n,o=emu
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 6
But after reading the unlang man
Hi all,
I would like to convert the following users file entry to unlang code in
2.0.4.
DEFAULT Ldap-Group == cn=not_student,ou=n,o=emu
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 6
But after reading the unlang man page and trying it
Hi Jason,
with the answer from Alan we have found the dn-information in the control
item. You must use %{control:Ldap-UserDn} instead of %{Ldap-UserDn}
Perfect. Unlang works now. Thanks.
However, there is still the problem with postauth.
the function ldap_postauth in rlm_ldap.c still
Hello,
I'm testing upgrading to 2.0.3 from 1.1.7 and it appears that the LDAP
module in 2.0.3 is not setting the Ldap-UserDn in a way that is available
for further analysis. The problem shows up when using
edir_account_policy_check = yes and PEAP. This is the error from the
debug output.
+-
Jason Alderfer wrote:
I'm testing upgrading to 2.0.3 from 1.1.7 and it appears that the LDAP
module in 2.0.3 is not setting the Ldap-UserDn in a way that is
available
for further analysis.
It's now in the control item list. This should be better
documented...
But the function
It appears that the LDAP module in 2.0.3 is not setting the Ldap-UserDn in
a way that is available for further analysis. The problem shows up when
using edir_account_policy_check = yes and also when evaluating
Ldap-UserDn with unlang or from other modules as described below in my
previous post.
I'm testing upgrading from 1.1.7 to 2.0.3 and have run into a problem with
the LDAP module. The problem appears in 2 places. First, I'm using the
--with-edir option so I have
password_attribute = nspmPassword
and
edir_account_policy_check = yes
set. However, in 2.0.3, when I set
11 matches
Mail list logo
