Question about sending VLAN attributes to Access Points

Aiko Barz aiko at chroot.de
Thu Sep 23 15:50:33 CEST 2010


On Tue, Sep 21, 2010 at 12:41:08PM +0100, Alan Buxey wrote:
> Hi,
> 
> > is it possible to send attributes based on the used SSID?
> 
> yes. as that can be gained from RADIUS attributes sent to the
> RADIUS server . where you do them, and how you do them - ie unlang,
> users, SQL huntgroups etc etc is down to you

What I needed:

DEFAULT Auth-Type = ntlm_auth
  Exec-Program-Wait = "/usr/local/sbin/radius-vlan-attribute.pl %{User-Name} %{Called-Station-Id}"

Now I am able to ask various Active Directory servers by using
Net::LDAPS. This enables me to put the following parameters into
relation:
- DOMAIN
- username
- SSID

And it makes me more flexible when I have to deal with complex Active
Directory forest structures. The script returns something like
> Tunnel-Type = 13,
> Tunnel-Medium-Type = 6,
> Tunnel-Private-Group-ID = 1234
or nothing at all.

So long,
    Aiko

-- 
:wq ✉



More information about the Freeradius-Users mailing list