LDAP Group assign to vlan after AD user authentication

NdK ndk.clanbo at gmail.com
Tue Jan 24 08:23:45 CET 2012


On 23/01/2012 14:48, Arnaud Loonstra wrote:

> But I reckon you could also do something like that in post-auth section
> if (Ldap-Group == "cn=mygroup,ou=groups,o=radius") {
>   update reply {
>     Tunnel-type = VLAN
>     Tunnel-medium-type = IEEE-802
>     Tunnel-Private-Group-Id = 1
>   }
> }
I think it could be possible to do the same using exec, a script and
wbinfo... Just still don't know how.
With
for T in $(wbinfo --user-domgroups `wbinfo -n <ADusername>`) ; do
 wbinfo -s $T;
done
I can get all AD groups <ADusername> is in. Checking group membership
would be even easier. But how do I set Tunnel-Private-Group-Id from an
exec-ed script?

BYtE,
 Diego.
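
One way an exec-ed script can hand Tunnel-Private-Group-Id back to the server, as an added example that is not part of the original message: the exec module parses the script's stdout as attribute pairs when it is configured with wait = yes and output_pairs = reply. The script path, the EXAMPLE domain, the group names and the VLAN numbers are assumptions, as is the "<value> <type>" output format of wbinfo.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed rlm_exec setup (path is hypothetical):
#   wait = yes, output_pairs = reply,
#   program = "/usr/local/bin/ad-vlan.sh %{User-Name}"
WBINFO=${WBINFO:-wbinfo}

# Constructed group-to-VLAN map; replace with real AD group names.
vlan_for_group() {
  case "$1" in
    'EXAMPLE\staff')    echo 10 ;;
    'EXAMPLE\students') echo 20 ;;
    *) return 1 ;;
  esac
}

# The name comes from the supplicant, so accept only a conservative charset.
valid_user() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# Print reply pairs for the first mapped group the user belongs to.
vlan_reply() {
  user=$1
  valid_user "$user" || return 1
  # wbinfo -n prints "<SID> <type>"; keep only the SID.
  sid=$("$WBINFO" -n "$user" | cut -d' ' -f1)
  [ -n "$sid" ] || return 1
  for gsid in $("$WBINFO" --user-domgroups "$sid"); do
    # wbinfo -s prints "<DOMAIN\name> <type>"; drop the trailing type number.
    group=$("$WBINFO" -s "$gsid" | sed 's/ [0-9]*$//')
    if vlan=$(vlan_for_group "$group"); then
      printf 'Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, '
      printf 'Tunnel-Private-Group-Id = %s\n' "$vlan"
      return 0
    fi
  done
  return 1
}

# Run only when called with a username; no output leaves the reply untouched.
[ $# -eq 0 ] || { vlan_reply "$1" || true; exit 0; }
```

A user in no mapped group produces no output, so whether such users should be rejected instead is left to the post-auth policy.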


