Limit access of a SSID to a certain LDAP group
Hans-Peter Fuchs
Fuchs at rrz.uni-koeln.de
Thu Jan 15 09:00:50 CET 2009
Hello,
look in auth-detail here you see the requests from your nas.
Here is one request from our Cisco-Wlc (wism):
Thu Jan 15 06:01:06 2009
Packet-Type = Access-Request
User-Name = "gschwarz"
Calling-Station-Id = "00-1F-5B-D7-3D-53"
Called-Station-Id = "00-16-9D-7C-6D-50:UniKoeln-802.1X"
NAS-Port = 29
NAS-IP-Address = 172.20.30.4
NAS-Identifier = "wism-physik-b-1"
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "402"
EAP-Message = 0x0202000d01677363687761727a
Message-Authenticator = 0xb782030c7bce2f43a6fb92622476c5a2
Huntgroup-Name = "WISM"
Stripped-User-Name = "gschwarz"
Realm = "uni-koeln.de"
SQL-User-Name = "gschwarz"
Here you see the SSID: UniKoeln-802.1X and the vlan
(Tunnel-Private-Group-Id:0 = "402")
Am Donnerstag, den 15.01.2009, 03:33 +0100 schrieb tnt at kalik.net:
> >Interesting,
> >I have a similar situation except that I want to authorize users from
> >one SSID with ActiveDirectory, and from the other SSID with a local
> >mysql.
> >
> >How would I do that?
> >
>
> Freeradius doesn't care where is data coming from. You have to use
> groups. AD groups will also be in Ldap-Group while sql groups will be in
> SQL-Group.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Mit freundlichen Grüßen
Hans-Peter Fuchs
Hans-Peter Fuchs - RRZK Zimmer 20
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
Universität zu Köln - Tel: 0221-470-6972
More information about the Freeradius-Users
mailing list