Re: vlan ldap radiusd

2011-07-18 Thread Serge van Namen
On 15 Jul 2011, at 23:25, Alexander Clouter wrote: Serge van Namen svna...@snow.nl wrote: I accomplished to strip the username, it authenticates successfully against LDAP. But eventually it fails on EAP I think, because the username isn't the original from the

Re: vlan ldap radiusd

2011-07-15 Thread Serge van Namen
On 14 Jul 2011, at 21:30, Alexander Clouter wrote: Serge van Namen svna...@snow.nl wrote: I'm working on a proof-of-concept for 802.1x and dynamic vlans on switches. All this works perfectly with user@realm, but now I want to read the vlan ID from a ldap

Re: vlan ldap radiusd

2011-07-15 Thread Alexander Clouter
Serge van Namen svna...@snow.nl wrote: In our situation the user is bound to a VLAN, so on every workstation in the building the user authenticates and the switchport becomes a member of the correct VLAN. I *strongly* recommend not mixing host and user authentication, it's just too much

Re: vlan ldap radiusd

2011-07-15 Thread Serge van Namen
On 15 Jul 2011, at 11:26, Alexander Clouter wrote: Serge van Namen svna...@snow.nl wrote: In our situation the user is bound to a VLAN, so on every workstation in the building the user authenticates and the switchport becomes a member of the correct VLAN. I

Re: vlan ldap radiusd

2011-07-15 Thread Alexander Clouter
Serge van Namen svna...@snow.nl wrote: 'un-registered' (user bootstrapped) workstations go into VLAN 'users-unmanaged' whilst our equipment goes into 'users-staff'. Hope that makes sense...? :) Do you mean: unauthorized, user be put in default (jailed) vlan? I work for a university so

Re: vlan ldap radiusd

2011-07-15 Thread Serge van Namen
On 15 Jul 2011, at 14:34, Alexander Clouter wrote: Serge van Namen svna...@snow.nl wrote: 'un-registered' (user bootstrapped) workstations go into VLAN 'users-unmanaged' whilst our equipment goes into 'users-staff'. Hope that makes sense...? :) Do you mean:

Re: vlan ldap radiusd

2011-07-15 Thread Alexander Clouter
Serge van Namen svna...@snow.nl wrote: I accomplished to strip the username, it authenticates successfully against LDAP. But eventually it fails on EAP I think, because the username isn't the original from the request. [snipped] users: Matched entry DEFAULT at line 7

vlan ldap radiusd

2011-07-14 Thread Serge van Namen
Hi, I'm working on a proof-of-concept for 802.1x and dynamic vlans on switches. All this works perfectly with user@realm, but now I want to read the vlan ID from a ldap attribute and then send the radius request with that value in Tunnel-Private-Group-ID. Can anyone give me a bump in the

Re: vlan ldap radiusd

2011-07-14 Thread Phil Mayers
On 14/07/11 13:09, Serge van Namen wrote: Hi, I'm working on a proof-of-concept for 802.1x and dynamic vlans on switches. All this works perfectly with user@realm, but now I want to read the vlan ID from a ldap attribute and then send the radius request with that value in

Re: vlan ldap radiusd

2011-07-14 Thread Alexander Clouter
Serge van Namen svna...@snow.nl wrote: I'm working on a proof-of-concept for 802.1x and dynamic vlans on switches. All this works perfectly with user@realm, but now I want to read the vlan ID from a ldap attribute and then send the radius request with that value in