Hello, I have LDAP and EAP configured. I'm using FreeRADIUS to log in to my switches. I have EAP working with computer certificates and I'm able to authenticate with the cert. My problem is that I'm trying to dynamically assign VLANs to the computers in the different organizational units (OUs), but I can't match the computers' host names to the OUs. The FreeRADIUS version is 3.0.17.
This is my users file configuration:
DEFAULT LDAP-UserDN == "sAMAccountName=%{Stripped-User-Name},OU=Administators,OU=Computers,DC= Domain,DC=local"
    Tunnel-Type = "VLAN",
    Tunnel-Medium-Type = "IEEE-802",
    Tunnel-Private-Group-Id = "1",
This is my hints configuration for removing the suffix and prefix. The prefix part is not working; I think this is part of my problem, since I'm using LDAP as the database. The computer User-Name is host/PC1.domain.local, but I'm unable to strip the "host/" part:
DEFAULT Suffix == ".domain.local", Strip-User-Name = Yes
    Hint = "domain.local",
    Auth-type = LDAP
DEFAULT Prefix == "host/", Strip-User-Name = Yes
    Hint = "host",
    Auth-Type = LDAP
Here is some of the FreeRADIUS debug output:
User object found at DN "CN=PC1,OU=Administrators,OU=Computers,OU=domain,OU=local"
(8) files: EXPAND sAMAccountName=%{Stripped-User-Name},OU=Administrators,OU=Computers,OU=domain,OU=local
(8) files: sAMAccountName=host/PC1,OU=Administrators,OU=Computers,OU=domain,OU=local
I'm getting almost the same result if I use sAMAccountName=%{mschap:User-Name} instead of sAMAccountName=%{Stripped-User-Name}:
sAMAccountName=PC1$,OU=Administrators,OU=Computers,OU=domain,OU=local
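
The debug output above shows the found DN beginning with CN=PC1 while both expanded check strings begin with sAMAccountName=, so a whole-string comparison between them cannot succeed. The following Python is an added example (not part of the original post and not FreeRADIUS configuration) that reproduces the mismatch on the post's own strings and shows the alternative of picking the VLAN from the OU components of the found DN. The function names and the OU-to-VLAN table are hypothetical; only the Administrators-to-"1" mapping comes from the post.

```python
import re

# Strings copied from the post's debug output.
FOUND_DN = "CN=PC1,OU=Administrators,OU=Computers,OU=domain,OU=local"
EXPANDED = [
    "sAMAccountName=host/PC1,OU=Administrators,OU=Computers,OU=domain,OU=local",
    "sAMAccountName=PC1$,OU=Administrators,OU=Computers,OU=domain,OU=local",
]

# Hypothetical mapping table; the single entry mirrors the users file in the post.
OU_TO_VLAN = {"administrators": "1"}


def normalise_host(user_name, domain=".domain.local"):
    """Reduce 'host/PC1.domain.local' or 'PC1$' to the bare host name."""
    name = user_name
    if name.lower().startswith("host/"):
        name = name[len("host/"):]
    if name.lower().endswith(domain):
        name = name[:-len(domain)]
    return name.rstrip("$")


def split_dn(dn):
    """Split a DN into (attribute, value) pairs, leaving escaped commas alone."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        pairs.append((attr.upper(), value))
    return pairs


def vlan_for_dn(dn):
    """Return the VLAN of the closest OU that has a mapping, or None."""
    for attr, value in split_dn(dn):
        if attr == "OU" and value.lower() in OU_TO_VLAN:
            return OU_TO_VLAN[value.lower()]
    return None


def reply_attributes(dn):
    """Build the three tunnel reply attributes from the post, or {} if no OU maps."""
    vlan = vlan_for_dn(dn)
    if vlan is None:
        return {}
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": vlan}
```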