set 'Tunnel Private Group ID' based on OU in certificate?

Robert Myers ccrider at whiterose.net
Thu Feb 23 22:08:34 CET 2006


Well, you'd approach it the same way you'd do group authentication in 
the users file.  Check out the users file documentation, then just 
understand that rlm_sql is just another users file.

-Bob

Carl Wahlin wrote:
>> What I'm doing to set these, is via the rlm_sql module.
>>
>> The tables are pretty straightforward, and could be manipulated
>> programmatically. The SQL tables are set up just like the users file,
>> and have group support and all.
>>
>> Maybe when you issue the cert, you could do some inserts into the DB?
>>
>> -Bob
>>     
>
> Sounds like something I should take a look at. I don't think I would need
> a separate entry for each cert. I would need one for each group of users
> belonging to i.e. an OU. Not sure if I would be able to do this with the
> rlm_sql module, but I'll take a look.
>
> /Carl
>
>   
>>
>> Carl Wahlin wrote:
>>     
>>> Hello,
>>>
>>> Quite new to RADIUS, so this might be a stupid question. Although I have
>>> been searching Google for the last 2 hours trying to find the answer
>>> without any luck...
>>>
>>> So, we are testing Cisco's new Airespace WLAN controller and would like to
>>> map users based on "OrganizationalUnit" (or something else) in the
>>> certificate to a specific VLAN. Cisco calls this feature of changing
>>> default values with RADIUS "AAA override". There are a few more things you
>>> can change (QoS profile etc), but we are only interested in the VLAN for
>>> now. I have managed to get it working for all EAP authentications but that
>>> does not at all serve my needs more than that I see that my WLAN
>>> controller interprets the RADIUS message correctly.
>>>
>>> DEFAULT Auth-Type := EAP
>>>         Tunnel-Type = 13,
>>>         Tunnel-Medium-Type = 6,
>>>         Tunnel-Private-Group-Id = 2
>>>
>>> So how can I get selective and change the Group-Id based on stuff in the
>>> certificate?
>>>
>>> /Carl W.
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>   
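
Added example, not part of the original thread and not FreeRADIUS's own code: one way to do the "inserts into the DB" at certificate issuance that Bob suggests, with one group per OU as Carl describes. The table and column names are assumed from FreeRADIUS's stock SQL schema, an in-memory SQLite database stands in for the real one, and the OU-to-VLAN map and sample subjects are constructed.

```python
import sqlite3

# Constructed OU -> (group, VLAN id) map; Tunnel-Type 13 / Tunnel-Medium-Type 6 as in the thread.
OU_GROUPS = {"Staff": ("staff", "10"), "Students": ("students", "20")}

def parse_subject(subject):
    """Split an OpenSSL one-line subject (/C=SE/OU=Staff/CN=alice) into a dict.
    Values containing '/' are not handled; repeated keys are rejected."""
    fields = {}
    for rdn in filter(None, subject.split("/")):
        key, sep, value = rdn.partition("=")
        key = key.strip().upper()
        if not sep or key in fields:
            raise ValueError(f"unsupported subject component: {rdn!r}")
        fields[key] = value.strip()
    return fields

def init_db(conn):
    # Table/column names assumed from FreeRADIUS's stock SQL schema; check your version.
    conn.execute("CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER)")
    conn.execute("CREATE TABLE radgroupreply (groupname TEXT, attribute TEXT, op TEXT, value TEXT)")
    for group, vlan in OU_GROUPS.values():
        conn.executemany("INSERT INTO radgroupreply VALUES (?, ?, '=', ?)",
                         [(group, "Tunnel-Type", "13"),
                          (group, "Tunnel-Medium-Type", "6"),
                          (group, "Tunnel-Private-Group-Id", vlan)])

def enroll(conn, subject):
    """Run at certificate issuance: place the cert's CN in the group for its OU."""
    fields = parse_subject(subject)
    cn, ou = fields.get("CN"), fields.get("OU")
    if not cn or ou not in OU_GROUPS:
        raise ValueError(f"refusing to enroll CN={cn!r} OU={ou!r}")  # fail closed
    # Drop any earlier membership so a re-issued cert cannot leave the user in two VLAN groups.
    conn.execute("DELETE FROM radusergroup WHERE username = ?", (cn,))
    conn.execute("INSERT INTO radusergroup VALUES (?, ?, 1)", (cn, OU_GROUPS[ou][0]))
    return OU_GROUPS[ou][0]

def group_reply(conn, username):
    """Approximate the group reply lookup: attributes from the user's group(s)."""
    rows = conn.execute(
        "SELECT r.attribute, r.value FROM radusergroup u "
        "JOIN radgroupreply r ON r.groupname = u.groupname "
        "WHERE u.username = ? ORDER BY u.priority", (username,)).fetchall()
    return dict(rows)
```

The lookup is keyed on the certificate CN, so it only holds if the server is configured so that the RADIUS User-Name must match the CN of the presented certificate.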



More information about the Freeradius-Users mailing list