I am using FR 2.1, at present I can authenticate users against AD and then assign VLAN membership
based on user-name via a MySQL database. What I would now like to do is assign vlan membership based
on the group membership of the user. When I do an ldapsearch of my AD for a user I get the following output:

mymachine:/home/jones # ldapsearch -x -D cn=radman04,cn=users,dc=MYDOMAIN,dc=co,dc=uk -h 10.10.6.131 -b cn=users,dc=MYDOMAIN,dc=co,dc=uk sAMAccountName=radman04 -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=MYDOMAIN,dc=co,dc=uk> with scope subtree
# filter: sAMAccountName=radman04
# requesting: ALL
#

# radman04, Users, MYDOMAIN.co.uk
dn: CN=radman04,CN=Users,DC=MYDOMAIN,DC=co,DC=uk
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: radman04
givenName: radman04
distinguishedName: CN=radman04,CN=Users,DC=MYDOMAIN,DC=co,DC=uk
instanceType: 4
whenCreated: 20090113021444.0Z
whenChanged: 20090113021444.0Z
displayName: radman04
uSNCreated: 36950
memberOf: CN=GROUPNAME,CN=Users,DC=MYDOMAIN,DC=co,DC=uk
uSNChanged: 36955
name: radman04
objectGUID:: yXoSg4Ln7EWYAuThBRuTSw==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 128762864842481250
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAANdbgD79SSqoLLz2LYwQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: radman04
sAMAccountType: 805306368
userPrincipalName: radman04@MYDOMAIN.co.uk
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=co,DC=uk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Based upon the output, how do I construct a method of assigning reply attributes for members of each group, and what
parts of the radius configuration do I need to change? I don't want to change from AD to LDAP for authentication.
I have searched the archives but can't link all the elements I've found to solve my problem.

Thanks in advance
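
The group-to-VLAN decision asked about above, worked through in Python as an added example; it is not part of the original post and is not FreeRADIUS configuration. The function names, the `GROUP_VLANS` table and VLAN ID 10 are assumptions; the three reply attributes are the standard RADIUS VLAN-assignment attributes under their FreeRADIUS dictionary names.

```python
import base64

# Constructed sample, trimmed from the ldapsearch output in the post.
SAMPLE_LDIF = """\
dn: CN=radman04,CN=Users,DC=MYDOMAIN,DC=co,DC=uk
memberOf: CN=GROUPNAME,CN=Users,DC=MYDOMAIN,DC=co,DC=uk
primaryGroupID: 513
sAMAccountName: radman04
"""

# Hypothetical policy table: full group DN -> VLAN ID (the VLAN number is an assumption).
GROUP_VLANS = [("CN=GROUPNAME,CN=Users,DC=MYDOMAIN,DC=co,DC=uk", "10")]


def normalize_dn(dn):
    """Lower-case a DN and trim spaces around commas; AD compares DNs case-insensitively."""
    # Simplification: escaped commas (\,) inside an RDN value are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif_attr(ldif, wanted):
    """Return every value of one attribute, handling folded lines and base64 ('::') values."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != wanted.lower():
            continue
        if value.startswith(":"):             # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        values.append(value.strip())
    return values


def vlan_reply(ldif):
    """First matching group wins; None means no match, so the caller can reject or quarantine."""
    # AD does not list the primary group (primaryGroupID) in memberOf, so it never matches here.
    member_of = {normalize_dn(v) for v in parse_ldif_attr(ldif, "memberOf")}
    for group_dn, vlan in GROUP_VLANS:
        if normalize_dn(group_dn) in member_of:   # whole-DN match, never a substring test
            return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
                    "Tunnel-Private-Group-Id": vlan}
    return None
```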