Question about sending VLAN attributes to Access Points
Aiko Barz
aiko at chroot.de
Thu Sep 23 15:50:33 CEST 2010
On Tue, Sep 21, 2010 at 12:41:08PM +0100, Alan Buxey wrote:
> Hi,
>
> > is it possible to send attributes based on the used SSID?
>
> yes. as that can be gained from RADIUS attributes sent to the
> RADIUS server . where you do them, and how you do them - ie unlang,
> users, SQL huntgroups etc etc is down to you
What I needed:
DEFAULT Auth-Type = ntlm_auth
Exec-Program-Wait = "/usr/local/sbin/radius-vlan-attribute.pl %{User-Name} %{Called-Station-Id}"
Now I am able to ask various Active Directory servers by using
Net::LDAPS. This enables me to put the following parameters into
relation:
- DOMAIN
- username
- SSID
And it makes me more flexible when I have to deal with complex Active
Directory forest structures. The script returns something like
> Tunnel-Type = 13,
> Tunnel-Medium-Type = 6,
> Tunnel-Private-Group-ID = 1234
or nothing at all.
So long,
Aiko
--
:wq ✉
More information about the Freeradius-Users
mailing list