Fwd: FR + AD + Vlans + LDAP help

Jacob Jarick mem.namefix at gmail.com
Tue Apr 17 06:22:38 CEST 2007

I have been slowly reading through source docs (some are a bit full on
for me the 1st go) and I turned up this howto via Google that
supposedly runs down the needed steps to authenticate via ldap.


I'm not sure what is happening atm, the wireless client tries to
authenticate but fails.

radiusd -X -A output: http://pastebin.ca/444005

Now I am still assuming radius can auth against ADS using ldap (am I
wrong or right there ppl), the config seems correct. If some1 could
once again point me in a direction to study more on I'd be more than

Thanks a lot.


users http://pastebin.ca/444008
clients.conf http://pastebin.ca/444009
naslist http://pastebin.ca/444010
dictionary http://pastebin.ca/444011
radiusd.conf http://pastebin.ca/444012

---------- Forwarded message ----------
From: Jacob Jarick <mem.namefix at gmail.com>
Date: Apr 17, 2007 11:11 AM
Subject: FR + AD + Vlans + LDAP help
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>


I'm currently trying to configure freeradius to authenticate via a
win2k3 server, check the user's group and then return a confirmation/
denial + vlan id for the cisco WAP to process.


1: Is ldap the only way of retrieving the user's group/s?

2: Can I talk directly to the ADS using the ldap client (or however
it's done) instead of setting up a linux openldap server?

3: Does users entry look correct? It is meant to disallow people in the
group rejects, assign priv students to 1 vlan and students to the
other vlan:

# !! testing groups
DEFAULT         LDAP-Group == "rejects", Auth-Type := Reject
DEFAULT Auth-Type = ntlm_auth
        Fall-Through = 1

DEFAULT LDAP-Group == "staff"
        Service-Type = Framed-User,
        Tunnel-Type = :1:VLAN,
        Tunnel-Medium-Type = :1:6,
        Tunnel-Private-Group-ID = :1:140

DEFAULT LDAP-Group == "students"
        Service-Type = Framed-User,
        Tunnel-Type = :1:VLAN,
        Tunnel-Medium-Type = :1:6,
        Tunnel-Private-Group-ID = :1:141

