AD groups in user file for dynamic Vlans
Saleh Abuzid
Saleh.Abuzid at hist.no
Tue Jul 20 20:37:09 CEST 2010
Hello Freeradiususers,
I'm trying to get FreeRADIUS to send a VLAN ID to some group in AD (Win 2003), but it seems that radius cannot pull out the info about the groups, even though the radius is joined to AD. Radius ignores the group and goes back to the default or preferred VLAN. I'm running the last version of FreeRADIUS; here is my config:
DEFAULT Ldap-Group == XXXXXXXXX, NAS-IP-Address == "xxx.xxx.xxx.xxx"
        Service-Type = Login-User,
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 210,
        Fall-Through = no
When I remove the Ldap-Group, then radius can send a req. to VLAN 210.
Just for info, I'm able to pull out the info via wbinfo -g. I wonder if we have to do something in:
/etc/freeradius/modules/mschap in the last lines:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=AD --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
Any suggestions?
Best regards
Saleh Abuzid
Gunnerus gate 1
Høgskolen i Sør-Trøndelag (HiST)
SPO-IKT
Avdelingsingeniør
tlf: 73559672
E-mail: Saleh.Abuzid at hist.no