Question about sending VLAN attributes to Access Points
Aiko Barz
aiko at chroot.de
Tue Sep 21 13:28:33 CEST 2010
Hello,
is it possible to send attributes based on the used SSID?
Setup:
SSID_X -> Access Point -> Freeradius -> ntlm_auth -> Active Directory
So, if an user enters SSID_X, Freeradius puts him into VLAN1234. If the
same person enters SSID_Y, he shall stay in the default VLAN1000. (Both
SSIDs use 802.1X against the same Freeradius Server. There has to be
only one radius server.)
I also discovered a hack to get a similar behavior. For example:
> DOMAIN\user Auth-Type = ntlm_auth
> Tunnel-Type = 13,
> Tunnel-Medium-Type = 6,
> Tunnel-Private-Group-ID = 1234
If the user uses "DOMAIN\user" as username, he enters VLAN1234. Using
"domain\user" makes him stay within the default VLAN1000, because
"domain\user" does not match the "users" configuration. The Active
Directory does not care about big and small letters and allows both
usernames.
But still, is it possible to send attributes based on the used SSID?
So long,
Aiko
--
:wq ✉
More information about the Freeradius-Users
mailing list