On Mon, Aug 14, 2017 at 05:15:43PM -0300, Adam Cage wrote:
But we have to use LDAP authentication against an AD server, because in the near future we have to use the "ldap-group" attribute in order to group wifi users by SSID, and let them use different wifi networks.
You don't need to use LDAP to authenticate, just to check groups the user is in. With AD it's pretty unlikely that you will be able to use LDAP to authenticate anyway. For wireless pretty much the only option you've got is an LDAP bind when you're doing EAP-TTLS/PAP. Which some clients can't do.
Please confirm to me if I am ok or not, because maybe using your recommended configuration I can add the ldap-group attribute in order to select group of users by SSID.
Use Samba for authentication, then configure the ldap module for authorization. They're not mutually exclusive. -- Matthew