set "Tunnel Private Group ID" based on OU in certificate?

Carl Wahlin cwahlin at viciousnest.net
Wed Feb 22 21:53:04 CET 2006


Hello,

Quite new to RADIUS, so this might be a stupid question. Although I have
been searching Google for the last 2 hours trying to find the answer
without any luck...

So, we are testing Cisco's new Airespace wlan controller and would like to
map users based on "OrganizationalUnit" (or something else) in the
certificate to a specific VLAN. Cisco calls this feature of changing
default values with radius "AAA override". There are a few more things you
can change (QoS profile etc), but we are only interested in the VLAN for
now. I have managed to get it working for all EAP authentications but that
does not at all serve my needs more than that I see that my wlan
controller interprets the radius message correctly.

DEFAULT Auth-Type := EAP
        Tunnel-Type = 13,
        Tunnel-Medium-Type = 6,
        Tunnel-Private-Group-Id = 2

So how can I get selective and change the Group-Id based on stuff in the
certificate?

/Carl W.
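
The mapping the post asks about, sketched as an added example (not part of the original post and not FreeRADIUS configuration). It assumes the subject DN string comes from a client certificate that EAP-TLS has already validated; the OU-to-VLAN table and the function names are hypothetical.

```python
# Added example: the OU -> VLAN table is constructed, not taken from the post.
OU_TO_VLAN = {"engineering": "2", "guests": "30"}


def split_rdns(dn):
    """Split an RFC 4514 style DN on ',' and '+' that are not backslash-escaped.

    Only single-character escapes (such as an escaped comma) are decoded;
    hex-pair escapes are not, so such a value simply fails the lookup.
    """
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])  # escaped character is data, never a separator
            i += 2
            continue
        if ch in ",+":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def ou_values(dn):
    """Return every OU value in the subject DN, in order of appearance."""
    out = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if sep and attr.strip().upper() == "OU":
            out.append(value.strip())
    return out


def reply_for_subject(dn, ou_to_vlan=OU_TO_VLAN):
    """Build the VLAN override reply attributes, or None when there is no safe answer."""
    vlans = {ou_to_vlan[ou.lower()] for ou in ou_values(dn) if ou.lower() in ou_to_vlan}
    if len(vlans) != 1:
        return None  # unmapped OU, or OUs that map to different VLANs: no override
    # Tunnel-Type 13 and Tunnel-Medium-Type 6 are the values used in the post.
    return {"Tunnel-Type": 13, "Tunnel-Medium-Type": 6,
            "Tunnel-Private-Group-Id": vlans.pop()}
```

A naive split on every comma would read the escaped `,OU=Engineering` inside a CN as a real OU; the scanner treats it as part of the CN value.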



