configuration question

Norbert Wegener nw at sbs.de
Tue Dec 13 16:59:05 CET 2005


At a switch we do 802.1x authentication with freeradius via EAP-TLS.
We take the User-Name from the certificate and check against AD, whether 
a valid account belongs to that machine.
If so, different data are returned from AD.
Among others the primaryGroupID.

This group id shall be assigned as vlan-id to the switch, if - and only 
if - this vlan-id is known by the switch; if not, a default vlan
should be set up.
I want to store the vlans a switch knows about in a database and start 
a query, using the primaryGroupID from AD to get the information 
whether the switch knows this vlan. If not, a default vlan id shall be 
assigned.
As I did not yet succeed in the last part, my question is: Is this at 
all possible? How can I refer to the primaryGroupID, when querying the 
database?
Is there a much better solution for that problem?

Thanks
Norbert Wegener
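
The lookup-with-fallback described in the message above, as a stand-alone Python illustration that is added here and is not part of the original post or of any FreeRADIUS configuration. The table switch_vlans, its columns, the sample switch addresses and the default VLAN 99 are assumptions; the returned attributes are the RFC 3580 VLAN assignment attributes.

```python
import sqlite3

# RFC 3580 attribute values for dynamic VLAN assignment.
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type = IEEE-802


def build_db():
    """Constructed sample data: the VLAN ids each switch (by NAS IP) carries."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE switch_vlans ("
        "nas_ip TEXT NOT NULL, vlan_id INTEGER NOT NULL, "
        "PRIMARY KEY (nas_ip, vlan_id))"
    )
    db.executemany(
        "INSERT INTO switch_vlans VALUES (?, ?)",
        [("192.0.2.10", 513), ("192.0.2.10", 515), ("192.0.2.20", 513)],
    )
    return db


def parse_vlan(value):
    """Return the value as an int if it is a decimal 802.1Q id (1..4094), else None."""
    text = str(value).strip()
    if not (text.isascii() and text.isdigit()):
        return None
    vlan = int(text)
    return vlan if 1 <= vlan <= 4094 else None


def choose_vlan(db, nas_ip, primary_group_id, default_vlan):
    """Assign primaryGroupID as VLAN only if this switch is known to carry it."""
    vlan = parse_vlan(primary_group_id)
    if vlan is not None:
        # Bound parameters: the directory value never becomes part of the SQL text.
        row = db.execute(
            "SELECT 1 FROM switch_vlans WHERE nas_ip = ? AND vlan_id = ?",
            (nas_ip, vlan),
        ).fetchone()
        if row is None:
            vlan = None  # switch does not know this VLAN
    assigned = vlan if vlan is not None else default_vlan
    return {
        "Tunnel-Type": TUNNEL_TYPE_VLAN,
        "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
        "Tunnel-Private-Group-ID": str(assigned),
    }
```

Anything that is not a plain VLAN number, or a VLAN the switch does not carry, falls through to the default, so an unexpected directory value cannot select an arbitrary VLAN.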



