RE: Dynamic VLAN attribute in LDAP or AD?

2009-08-24 Thread Jason Alderfer
depending on the correctness of a password. This is an authorization question - what kind of access will the authenticated user be given? -Original Message- From: Jason Alderfer [mailto:j...@emu.edu] Sent: Monday, August 24, 2009 2:10 PM To: Gary Gatten Subject: RE: Dynamic VLAN

Re: Dynamic VLAN attribute in LDAP or AD?

2009-08-18 Thread Jason Alderfer
So, I'm trying to use 802.1x dynamic VLAN assignment. I have this working when I conf the users file. However, I don't want to create/maintain the users file for 2,000 users! Is there an attribute in AD / LDAP I can use for the dynamic VLAN? Ideally I could do this at the Group level,

Re: Dynamic VLAN attribute in LDAP or AD?

2009-08-18 Thread Jason Alderfer
Where coudl I put this code Authorize, autenticate, postatuh, ldap module? Authorize So, I'm trying to use 802.1x dynamic VLAN assignment.  I have this working when I conf the users file.  However, I don't want to create/maintain the users file for 2,000 users! Is there an attribute in

RE: openLDAP freeRADIUS

2008-06-26 Thread Jason Alderfer
Use the script command. man script How can I get the log or the out of it? It is so long that the terminal doesn't allow me to scroll all the way back to the top. Is there a log? I found radius.log, but it had nothing. Is there a command to generate the log? Thanks. I know I am close

Re: Referencing Ldap-Group in unlang

2008-05-09 Thread Jason Alderfer
Jason Alderfer wrote: I would like to convert the following users file entry to unlang code in 2.0.4. DEFAULT Ldap-Group == cn=not_student,ou=n,o=emu Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-Id = 6 But after reading the unlang man

Referencing Ldap-Group in unlang

2008-05-07 Thread Jason Alderfer
Hi all, I would like to convert the following users file entry to unlang code in 2.0.4. DEFAULT Ldap-Group == cn=not_student,ou=n,o=emu Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-Id = 6 But after reading the unlang man page and trying it

Re: LDAP module problem in 2.0.3

2008-04-15 Thread Jason Alderfer
Hi Jason, with the answer from Alan we have found the dn-information in the control item. You must use %{control:Ldap-UserDn} instead of %{Ldap-UserDn} Perfect. Unlang works now. Thanks. However, there is still the problem with postauth. the function ldap_postauth in rlm_ldap.c still

LDAP module problem in 2.0.3

2008-04-14 Thread Jason Alderfer
Hello, I'm testing upgrading to 2.0.3 from 1.1.7 and it appears that the LDAP module in 2.0.3 is not setting the Ldap-UserDn in a way that is available for further analysis. The problem shows up when using edir_account_policy_check = yes and PEAP. This is the error from the debug output. +-

Re: LDAP module problem in 2.0.3

2008-04-14 Thread Jason Alderfer
Jason Alderfer wrote: I'm testing upgrading to 2.0.3 from 1.1.7 and it appears that the LDAP module in 2.0.3 is not setting the Ldap-UserDn in a way that is available for further analysis. It's now in the control item list. This should be better documented... But the function

Re: Ldap-UserDn not set correctly in 2.0.3

2008-04-11 Thread Jason Alderfer
It appears that the LDAP module in 2.0.3 is not setting the Ldap-UserDn in a way that is available for further analysis. The problem shows up when using edir_account_policy_check = yes and also when evaluating Ldap-UserDn with unlang or from other modules as described below in my previous post.

Problem with LDAP module in 2.0.3 -- Ldap-UserDn unavailable

2008-04-09 Thread Jason Alderfer
I'm testing upgrading from 1.1.7 to 2.0.3 and have run into a problem with the LDAP module. The problem appears in 2 places. First, I'm using the --with-edir option so I have password_attribute = nspmPassword and edir_account_policy_check = yes set. However, in 2.0.3, when I set