Difan Zhao wrote:
You have to send some attributes to the switch. I am using Cisco
switches and here are the attributes that I need to send to the switch
to switch the port to VLAN 3:
bob Cleartext-Password := test
Tunnel-Type:0 = VLAN,
Tunnel-Medium-Type:0 = IEEE-802,
To: FreeRadius users mailing list
Subject: Re: VLAN Attribute ?
Difan Zhao wrote:
You have to send some attributes to the switch. I am using Cisco
switches and here are the attributes that I need to send to the switch
to switch the port to VLAN 3:
bob Cleartext-Password := test
Tunnel
Difan Zhao wrote:
BTW I also got a question for you. It has a :0 following the
Tunnel-Type. What is it for? I just removed it and it still works.
However in the Radius -X debug it still has the :0 appending the
attribute name. Any idea??
It's a tag. You can define up to 31 Tunnel-Type
Hi,
I'm seting up a FreeRadius Server using SQL backend to store
informations about NAS, Users and Groups. I search the Attribute to use
to allow a group in a VLAN of my switch.
My setup permit to authenticate a user and the group of the user. But
what is the attribute to use in table
, 2010 9:06 AM
To: freeradius-users@lists.freeradius.org
Subject: VLAN Attribute ?
Hi,
I'm seting up a FreeRadius Server using SQL backend to store
informations about NAS, Users and Groups. I search the Attribute to use
to allow a group in a VLAN of my switch.
My setup permit to authenticate
Gary Gatten wrote:
I'm assuming I can do roughly the same thing with NTLM_AUTH? I have
to use NTLM_Auth for 8021x (right? - at least all docs say this),
No, they don't.
They say that you need to use ntlm_auth for authentication in
*certain* cases, when the user database is Active
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.or
g] On Behalf Of Jason Alderfer
Sent: Tuesday, August 18, 2009 2:18 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLAN attribute in LDAP or AD?
So, I'm trying to use 802.1x dynamic VLAN assignment. I have
10:34 AM
To: 'FreeRadius users mailing list'
Cc: 'Jason Alderfer'
Subject: RE: Dynamic VLAN attribute in LDAP or AD?
I'm assuming I can do roughly the same thing with NTLM_AUTH? I have
to use NTLM_Auth for 8021x (right? - at least all docs say this), so if
I don't HAVE to use LDAP all the better
depending on
the correctness of a password. This is an authorization question - what
kind of access will the authenticated user be given?
-Original Message-
From: Jason Alderfer [mailto:j...@emu.edu]
Sent: Monday, August 24, 2009 2:10 PM
To: Gary Gatten
Subject: RE: Dynamic VLAN
Message -
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
freeradius-users@lists.freeradius.org
Sent: Mon Aug 24 15:48:40 2009
Subject: RE: Dynamic VLAN attribute
So, by looking at this more carefully I'll have to do a bunch of
if/else's or cases? What if for instance I have 500 departments/groups
- 500 different vlans? I'll have to test each one?
I guess what I was hoping to do was something like:
Get attribute n for user y (where n = a value used
Agreed. I didn't know if I could do some group checking with ntlm_auth,
more accurately get a list of groups a user belongs to? If I used FQDN I
could prolly parse out the info I need from the user name as well:
gary.neteng.waddell Ill try LDAP - good learning experience!
No need. AD is
Hello, thanks for taking the time to read this. And thanks in advance
for the prompt replies!
I've read nearly all the docs and How To's I could find and none of them
(so far) address this. If I find an answer I'll be more than happy to
draft a How To as I would suspect this a desired
So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
working when I conf the users file. However, I don't want to
create/maintain the users file for 2,000 users!
Is there an attribute in AD / LDAP I can use for the dynamic VLAN?
Ideally I could do this at the Group level,
@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.or
g] On Behalf Of Jason Alderfer
Sent: Tuesday, August 18, 2009 2:18 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLAN attribute in LDAP or AD?
So, I'm trying to use 802.1x dynamic VLAN assignment
Where coudl I put this code Authorize, autenticate, postatuh, ldap module?
2009/8/18 Jason Alderfer j...@emu.edu:
So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
working when I conf the users file. However, I don't want to
create/maintain the users file for 2,000 users!
Where coudl I put this code Authorize, autenticate, postatuh, ldap module?
Authorize
So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
working when I conf the users file. However, I don't want to
create/maintain the users file for 2,000 users!
Is there an attribute in
Gary Gatten wrote:
Dude, if it's this easy that would be SWEET! The How To's for TLS/PEAP
are a little outdated so I'm working on getting the CA working now
(CA.all doesn't exist anymore.)
See my message to the list of an hour or two ago. In v2, you have to
do almost *nothing* to get PEAP
Hi,
Where coudl I put this code Authorize, autenticate, postatuh, ldap module?
Authorize
postauth ?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi
i have two questions on vlan attribute with proxy
we are proxying request with realms and the remote radius server
send vlan attribute stored in an openldap
first : how can we prevent this server to give vlan attribute it is not
allowed to use ( we don t manager this remote server )
second
Hi to all,
first thanks for this great software.
I've been using freeradius (linux server) with EAP-TLS with Windows Xp
clients for a while.
I'm using a CISCO 3550 switch with 802.1x supports as authenticator.
Now I'm trying to assign a restricted access vlan to hosts attached to
switch ports.
21 matches
Mail list logo