Dynamic VLANs based on AD group membership
Daniel Baumann
dbaumann at hancockcollege.edu
Wed Jul 9 01:22:43 CEST 2008
Follow-up question (sorry I'm new this): I'm currently authenticating
users with FreeRadius against an AD database (PEAP-MS-CHAPv2). Would I
still have to use the ldap module to get a user's AD group membership?
Thanks,
Daniel
-----Original Message-----
From:
freeradius-users-bounces+dbaumann=hancockcollege.edu at lists.freeradius.or
g
[mailto:freeradius-users-bounces+dbaumann=hancockcollege.edu at lists.freer
adius.org] On Behalf Of Ivan Kalik
Sent: Tuesday, July 08, 2008 03:34 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLANs based on AD group membership
>How do I configure FreeRADIUS to "read" the AD group membership
>attribute,
See group membeship section in ldap module configuration.
>and how do I then pass the matching VLAN-ID back to the
>switch?
Your switch documentation should tell you that. You normally use
Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id attributes.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list