Hi Ashish,

I got this working eventually, and I'll post the answer so that anyone else struggling with this doesn't go through the pain I did. Basically I got a lot of help from Craig (advanced tech support), and the following achieves my goal.

Create a 'dummy' LDAP auth file, name it anything like LDAP-script.aut, and place this file in the services folder. The contents of the file look like this:

    [Bootstrap]
    LibraryName=ldapauth.dll
    Enable=1
    InitializationString=LDAP-Script

    [Settings]
    MaxConcurrent=1
    Timeout=20
    ConnectTimeout=25
    QueryTimeout=10
    WaitReconnect=2
    MaxWaitReconnect=360
    ;BindName=uid=<User-Name>, ou=sales, o=bigco.com
    LogLevel = 2
    UpperCaseName = 0
    PasswordCase=original
    PasswordFormat = 0
    SSL = 0
    MaxScriptSteps = 10000
    ScriptTraceLevel = 2
    ;FilterSpecialCharacterHandling = 0
    ;ShutdownTimeout = 1
    DelayConnect=1

    [Server]
    s1=

    [Server/s1]
    Host=127.0.0.1
    Port = 389
    ;BindName=uid=admin, ou=sales, o=bigco.com
    ;BindPassword=secret

    [Failure]
    ;Accept=0
    ;Profile=xyz
    ;FullName=Remote User

    [Request]
    %UserName = username
    ;Service-Type =
    ;%NASName = nameofnas
    %NASAddress = nasip

    [Response]
    ;Filter-Id =
    ;Session-Timeout =
    ;%FullName =
    ;%Password =
    Tunnel-Private-Group-ID=myvlan

    [Search/bogus]
    Base = o=bogus
    filter = uid=<username>
    Scope = 2

    [ScriptTrace]
    attr = myvlan
    attr = nasip
    attr = username

    [Script]
    SbrWriteToLog("Script VLANAssign initialised");
    var n = LdapVariables.Get("nasip");
    var u = LdapVariables.Get("UserName");
    if (u = "*@harry.com") {
        if (n == "10.1.1.1")
            var myvlan = LdapVariables.Add("myvlan","100");
    }
    if (u = "*@harry.com") {
        if (n == "10.2.2.2")
            var myvlan = LdapVariables.Add("myvlan","200");
    }
    if (n == "10.2.2.2.2") {
        if (u = "*@bob.com")
            var myvlan = LdapVariables.Add("myvlan","300");
    }
    return SCRIPT_RET_SUCCESS;

Restart SBR service. LDAP-Script then appears as an auth type; make it an active type, and add TLS as a method. Move this Auth type up the list and make sure it is above any other EAP-TLS types you may have.

I'm sure there are smarter ways of running the script, with else statements etc., so if any script monkey out there wants to show me a better way, then please do.

Regards,
Andrew
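
One way to express the realm and NAS rules as a lookup table, as an added example that is not part of the original post and does not use SBR's own API. It compares the realm exactly, because in standard JavaScript `if (u = "...")` assigns rather than compares and is always true (assuming SBR scripts follow standard JavaScript semantics); all function names and the rule table are hypothetical, with constructed values modelled on the post's three cases.

```javascript
"use strict";

// Constructed rule table modelled on the post's cases:
// realm -> NAS address -> VLAN ID. Realm keys are lower-case.
const VLAN_RULES = {
  "harry.com": { "10.1.1.1": "100", "10.2.2.2": "200" },
  "bob.com": { "10.2.2.2": "300" },
};

// Own-property check, so names like "constructor" never match a rule.
function has(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

// Return the text after the last "@", lower-cased, or null when the
// user part or the realm part is missing.
function realmOf(userName) {
  if (typeof userName !== "string") return null;
  const at = userName.lastIndexOf("@");
  if (at <= 0 || at === userName.length - 1) return null;
  return userName.slice(at + 1).toLowerCase();
}

// Look up the VLAN for a user/NAS pair. Returns null when no rule
// matches, so the caller decides explicitly what an unmatched
// request gets instead of inheriting a VLAN by accident.
function selectVlan(userName, nasIp) {
  const realm = realmOf(userName);
  if (realm === null || !has(VLAN_RULES, realm)) return null;
  const byNas = VLAN_RULES[realm];
  return has(byNas, nasIp) ? byNas[nasIp] : null;
}

// The pitfall, reproduced in isolation: "=" inside the if assigns a
// non-empty string, so the realm test always passes and only the
// NAS address decides the VLAN.
function selectVlanAssignment(userName, nasIp) {
  let u = userName;
  if ((u = "*@harry.com")) {
    if (nasIp == "10.1.1.1") return "100";
  }
  return null;
}
```

In an SBR script the two inputs would come from `LdapVariables.Get(...)` and a non-null result would be passed to `LdapVariables.Add("myvlan", ...)`, as in the post.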