How to return Filter-ID attribute value for the users in Active Directory?
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jan 18 16:18:40 CET 2012
On 18/01/12 14:55, suggestme IT wrote:
>
> DEFAULT Ldap-Group == "Staff"
> Filter-ID := "Enterasys:version=1:policy=staff",
> Fall-Through = No
>
> But, How to do same like this for the users in Active Directory; How to
> return the Filter-ID attribute value if there is no group configured in
> Active Directory; there is just users listings who can be authenticated
> and authorized using the passwords provided.
>
> The main point is: I don't have any Group configured as Ldap-Group for
> staff or admin or for different types of users in Active Directory.
Do you want to return the same filter group for everyone?
If so, do this:
DEFAULT
Filter-Id := "value"
...or better, in the virtual server config:
post-auth {
update reply {
Filter-Id := "value"
}
}
If you want to return a different filter for different users, you will
obviously need some kind of lookup table from user->filter. That will
need to live somewhere.
More information about the Freeradius-Users
mailing list