set "Tunnel Private Group ID" based on OU in certificate?

Robert Myers ccrider at
Thu Feb 23 15:47:53 CET 2006

What I'm doing to set these, is via the rlm_sql module.

The tables are pretty straight forward, and could be manipulated 
programmatically.   The sql tables are setup just like the users file, 
and has group support and all.

Maybe when you issue the cert, you could do some inserts into the DB?


Carl Wahlin wrote:
> Hello,
> Quite new to radius, so this might be a stupid question. Although I have
> been searching google for the last 2 hours trying to find the answer
> without any luck...
> So, we are testing ciscos new Airespace wlan controller and would like to
> map users based on "OrganizationalUnit" (or something else) in the
> certificate to a specific VLAN. Cisco calls this feature of changing
> default values with radius "AAA override". There are a few more things you
> can change (QoS profile etc), but we are only interested in the VLAN for
> now. I have managed to get it working for all EAP authentications but that
> does not at all serve my needs more than that I see that my wlan
> controller interprets the radius message correctly.
> DEFAULT Auth-Type := EAP
>         Tunnel-Type = 13,
>         Tunnel-Medium-Type = 6,
>         Tunnel-Private-Group-Id = 2
> So how can I get selective and change the Group-Id based on stuff in the
> certificate?
> /Carl W.
> - 
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list