FR + AD + Vlans + LDAP help

Jacob Jarick mem.namefix at gmail.com
Tue Apr 17 05:11:06 CEST 2007


Hello,

I'm currently trying to configure freeradius to authenticate via a
win2k3 server, check the user's group and then return a
confirmation/denial + vlan id for the cisco WAP to process.

Questions:

1: Is ldap the only way of retrieving the user's group/s?

2: Can I talk directly to the ADS using the ldap client (or however
it's done) instead of setting up a linux openldap server?

3: Does the users entry look correct? It is meant to disallow people in
the group rejects, assign priv students to 1 vlan and students to the
other vlan:

# !! testing groups
DEFAULT 	LDAP-Group == "rejects", Auth-Type := Reject
DEFAULT	Auth-Type = ntlm_auth
	Fall-Through = 1

DEFAULT LDAP-Group == "staff"
	Service-Type = Framed-User,
	Tunnel-Type = :1:VLAN,
	Tunnel-Medium-Type = :1:6,
	Tunnel-Private-Group-ID = :1:140

DEFAULT LDAP-Group == "students"
	Service-Type = Framed-User,
	Tunnel-Type = :1:VLAN,
	Tunnel-Medium-Type = :1:6,
	Tunnel-Private-Group-ID = :1:141


