Different Auth Methods based on client entries with ntlm_auth
O'Neil, Donald A.
DONALD.A.O'NEIL at saic.com
Fri May 27 19:15:54 CEST 2011
Ok... 2 other questions...
1) The wireless AP's I'm going to be connecting to the RADIUS server
have multiple SSID'd... can I pass that SSID information to Free Radius
and then map the group based on the SSID?
2) If I were to define a new variable/table entry in the SQL DB, rather
than a variable in the clients.conf file, would that same information be
passed to the auth entry as a variable I can map to the group
membership?
Don O'Neil
Senior Network Engineer
SAIC - CCSD Network Operations
(702) 351-7261 cell
(702) 799-6174 fax
0099-5941 wan
oneilda at saic.com
-----Original Message-----
From:
freeradius-users-bounces+donald.a.oneil=saic.com at lists.freeradius.org
[mailto:freeradius-users-bounces+donald.a.oneil=saic.com at lists.freeradiu
s.org] On Behalf Of Alan DeKok
Sent: Friday, May 27, 2011 5:40 AM
To: FreeRadius users mailing list
Subject: Re: Different Auth Methods based on client entries with
ntlm_auth
O'Neil, Donald A. wrote:
> I've followed the instructions on
>
http://deployingradius.com/documents/configuration/active_directory.html
and
> it works great for one group when I add the option
> --require-membership-of=SomeGroup but I need a way to figure out how
to
> specify that group name, perhaps based on the nastype, or some other
> variable I can set in the client configuration.
Put the group name into a temporary variable (Tmp-String-0), and then
edit the ntlm_auth line in raddb/modules/mschap:
ntlm_auth = ".... --require-membership-of=%{Tmp-String-0}"
That will be dynamically expanded at run time.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list