Freeradius-Users Digest, Vol 81, Issue 79
Rui Ribeiro
ruyrybeyro at gmail.com
Tue Jan 24 10:16:05 CET 2012
>
>
> Message: 3
> Date: Tue, 24 Jan 2012 08:23:45 +0100
> From: NdK <ndk.clanbo at gmail.com>
> Subject: Re: LDAP Group assign to vlan after AD user authentication
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <4F1E5C81.9080209 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Il 23/01/2012 14:48, Arnaud Loonstra ha scritto:
>
>> But I reckon you could also do something like that in post-auth section
>> if (Ldap-Group == "cn=mygroup,ou=groups,o=radius") {
>> update reply {
>> Tunnel-type = VLAN
>> Tunnel-medium-type = IEEE-802
>> Tunnel-Private-Group-Id = 1
>> }
>> }
> I think it could be possible to do the same using exec, a script and
> wbinfo... Just still don't know how.
> With
> for T in $(wbinfo --user-domgroups `wbinfo -n <ADusername>`) ; do
> wbinfo -s $T;
> done
> I can get all AD groups <ADusername> is into. Checking group membership
> would be even easier. But how do I set Tunnel-Private-Group-Id from an
> exec-ed script?
>
> BYtE,
> Diego.
>
I checked it up with modifying the ldap module and then using the users file, at least for non-roaming users. Found out also by trial and error the output of wbinfo is not consistent.
Best regards,
Rui Ribeiro
More information about the Freeradius-Users
mailing list