Dynamic VLANs based on AD group membership

[Alan DeKok]

Daniel Baumann wrote:
> Follow-up question (sorry I'm new this): I'm currently authenticating
> users with FreeRadius against an AD database (PEAP-MS-CHAPv2). Would I
> still have to use the ldap module to get a user's AD group membership?

  Yes.  There is no other way to get the AD group membership.

  See the AD documentation.  If it says there's another way to get AD
group membership, you can use that.  Otherwise, use the method which IS
documented: ldap queries.

  Alan DeKok.