Freeradius-Users Digest, Vol 81, Issue 79

Rui Ribeiro ruyrybeyro at gmail.com
Tue Jan 24 10:16:05 CET 2012


> 
> 
> Message: 3
> Date: Tue, 24 Jan 2012 08:23:45 +0100
> From: NdK <ndk.clanbo at gmail.com>
> Subject: Re: LDAP Group assign to vlan after AD user authentication
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <4F1E5C81.9080209 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 23/01/2012 14:48, Arnaud Loonstra wrote:
> 
>> But I reckon you could also do something like that in post-auth section
>> if (Ldap-Group == "cn=mygroup,ou=groups,o=radius") {
>>  update reply {
>>    Tunnel-type = VLAN
>>    Tunnel-medium-type = IEEE-802
>>    Tunnel-Private-Group-Id = 1
>>  }
>> }
> I think it could be possible to do the same using exec, a script and
> wbinfo... Just still don't know how.
> With
> for T in $(wbinfo --user-domgroups `wbinfo -n <ADusername>`) ; do
> wbinfo -s $T;
> done
> I can get all AD groups <ADusername> is into. Checking group membership
> would be even easier. But how do I set Tunnel-Private-Group-Id from an
> exec-ed script?
> 
> BYtE,
> Diego.
> 

I checked it by modifying the ldap module and then using the users file, at least for non-roaming users. I also found out by trial and error that the output of wbinfo is not consistent.

Best regards,
Rui Ribeiro
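
An added example, not part of the original thread: one way to approach the quoted question about setting Tunnel-Private-Group-Id from an exec-ed script, while tolerating small variations in wbinfo output. It assumes the script's standard output is parsed as reply attribute pairs (FreeRADIUS exec module with `output_pairs = reply`), that each input line looks like `DOMAIN\Group Name <type>`, and a hypothetical group-to-VLAN table; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Input: one group per line on stdin,
# assumed form "DOMAIN\Group Name 2" (name, then a numeric SID type).

# Hypothetical group-to-VLAN table: lowercased group name = VLAN id.
VLAN_MAP='staff=10
network admins=20'

# Drop CR, the trailing SID-type number and the DOMAIN\ prefix, then
# lowercase, so small differences in wbinfo output do not change the match.
normalize_group() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -e 's/[[:space:]][0-9][0-9]*[[:space:]]*$//' -e 's/^.*\\//' |
        tr '[:upper:]' '[:lower:]'
}

# Print reply pairs for the first group on stdin that appears in VLAN_MAP.
# Returns 0 when a VLAN was emitted and 1 when no group matched, so the
# caller can decide how an unmapped user is handled.
vlan_reply_from_groups() {
    while IFS= read -r line || [ -n "$line" ]; do
        group=$(normalize_group "$line")
        [ -n "$group" ] || continue
        # Exact, whole-name comparison: no substring or pattern matching.
        vlan=$(printf '%s\n' "$VLAN_MAP" |
            awk -F= -v g="$group" '$1 == g { print $2; exit }')
        if [ -n "$vlan" ]; then
            printf 'Tunnel-Type = VLAN\n'
            printf 'Tunnel-Medium-Type = IEEE-802\n'
            printf 'Tunnel-Private-Group-Id = %s\n' "$vlan"
            return 0
        fi
    done
    return 1
}

# Intended use: pipe the "wbinfo -s" lines from the loop quoted above into
# vlan_reply_from_groups, passing the user name to wbinfo as a quoted argument.
```

Only values from the fixed table are ever printed, so nothing supplied by the client reaches the reply attributes.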


