Fwd: FR + AD + Vlans + LDAP help

Jacob Jarick mem.namefix at gmail.com
Tue Apr 17 06:22:38 CEST 2007


I have been slowly reading through source docs (some are a bit full on
for me the 1st go) and I turned up this howto via google that
supposedly runs down the needed steps to authenticate via ldap.

http://www.telenovela-world.com/~spade/linux/howto/LDAP-Implementation-HOWTO/radius.html

I'm not sure what is happening atm, the wireless client tries to
authenticate but fails.

radiusd -X -A output: http://pastebin.ca/444005

Now I am still assuming radius can auth against ADS using ldap (am I
wrong or right there ppl), the config seems correct. If someone could
once again point me in a direction to study more on I'd be more than
happy.

Thanks a lot.

Files:

users http://pastebin.ca/444008
clients.conf http://pastebin.ca/444009
naslist http://pastebin.ca/444010
dictionary http://pastebin.ca/444011
radiusd.conf http://pastebin.ca/444012


---------- Forwarded message ----------
From: Jacob Jarick <mem.namefix at gmail.com>
Date: Apr 17, 2007 11:11 AM
Subject: FR + AD + Vlans + LDAP help
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>


Hello,

I'm currently trying to configure freeradius to authenticate via a
win2k3 server, check the users group and then return a confirmation/
denial + vlan id for the cisco WAP to process.

Questions:

1: Is ldap the only way of retrieving the user's group/s?

2: Can I talk directly to the ADS using the ldap client (or however
it's done) instead of setting up a linux openldap server?

3: Does the users entry look correct? It is meant to disallow people in the
group rejects, assign priv students to 1 vlan and students to the
other vlan:

# !! testing groups
DEFAULT         LDAP-Group == "rejects", Auth-Type := Reject
DEFAULT Auth-Type = ntlm_auth
        Fall-Through = 1

DEFAULT LDAP-Group == "staff"
        Service-Type = Framed-User,
        Tunnel-Type = :1:VLAN,
        Tunnel-Medium-Type = :1:6,
        Tunnel-Private-Group-ID = :1:140

DEFAULT LDAP-Group == "students"
        Service-Type = Framed-User,
        Tunnel-Type = :1:VLAN,
        Tunnel-Medium-Type = :1:6,
        Tunnel-Private-Group-ID = :1:141
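
The order of the users entries in the message above can be checked against a simplified model of users-file processing: entries are tried top to bottom, and a matching entry ends processing unless it sets Fall-Through. This is an added example, not code from the original post or from FreeRADIUS; `ENTRIES`, `vlan`, `evaluate` and `outcome` are hypothetical names, and the model assumes group membership is already known and ignores attribute tags and the actual LDAP and ntlm_auth calls.

```python
# Toy model of users-file processing, not FreeRADIUS code (assumption: entries
# are tried in order; a match ends processing unless Fall-Through is set).

def vlan(vlan_id):
    # Reply items shared by the two group entries in the post (tag ":1:" omitted).
    return {"Service-Type": "Framed-User", "Tunnel-Type": "VLAN",
            "Tunnel-Medium-Type": "6", "Tunnel-Private-Group-ID": vlan_id}

# The four DEFAULT entries from the post, transcribed as data.
# Control values are (operator, value): ":=" overrides, "=" sets only if unset.
ENTRIES = [
    {"group": "rejects", "control": {"Auth-Type": (":=", "Reject")},
     "reply": {}, "fall_through": False},
    {"group": None, "control": {"Auth-Type": ("=", "ntlm_auth")},
     "reply": {}, "fall_through": True},
    {"group": "staff", "control": {}, "reply": vlan("140"), "fall_through": False},
    {"group": "students", "control": {}, "reply": vlan("141"), "fall_through": False},
]

def evaluate(groups, entries=ENTRIES):
    """Return (control, reply) for a user who is a member of `groups`."""
    control, reply = {}, {}
    for entry in entries:
        if entry["group"] is not None and entry["group"] not in groups:
            continue  # the LDAP-Group == "..." check item did not match
        for attr, (op, value) in entry["control"].items():
            if op == ":=" or attr not in control:
                control[attr] = value
        reply.update(entry["reply"])
        if not entry["fall_through"]:
            break  # first match without Fall-Through ends processing
    return control, reply

def outcome(groups):
    """Policy result only: 'reject', the VLAN id, or a note that none was set."""
    control, reply = evaluate(groups)
    if control.get("Auth-Type") == "Reject":
        return "reject"
    return reply.get("Tunnel-Private-Group-ID", "no VLAN returned")

if __name__ == "__main__":
    # Constructed memberships covering each branch of the policy.
    for groups in [{"rejects", "staff"}, {"staff"}, {"students"},
                   {"staff", "students"}, set()]:
        print(sorted(groups), "->", outcome(groups))
```

The last case is the one to check on a real deployment: in this model a user who is in none of the three groups passes the ntlm_auth entry and gets no VLAN attributes, so where that user lands is decided by the access point, not by these entries.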


