LDAP Group assign to vlan after AD user authentication
NdK
ndk.clanbo at gmail.com
Tue Jan 24 08:23:45 CET 2012
Il 23/01/2012 14:48, Arnaud Loonstra ha scritto:
> But I reckon you could also do something like that in post-auth section
> if (Ldap-Group == "cn=mygroup,ou=groups,o=radius") {
> update reply {
> Tunnel-type = VLAN
> Tunnel-medium-type = IEEE-802
> Tunnel-Private-Group-Id = 1
> }
> }
I think it could be possible to do the same using exec, a script and
wbinfo... Just still don't know how.
With
for T in $(wbinfo --user-domgroups `wbinfo -n <ADusername>`) ; do
wbinfo -s $T;
done
I can get all AD groups <ADusername> is into. Checking group membership
would be even easier. But how do I set Tunnel-Private-Group-Id from an
exec-ed script?
BYtE,
Diego.
More information about the Freeradius-Users
mailing list