Conditional attributes with AD
Scott McLane Gardner
sgardne at uark.edu
Tue Mar 6 22:28:43 CET 2012
If anyone cares, I got this working by calling a script that contained the
following:
#!/bin/sh
# Print the names of all domain groups the user ($1) belongs to, as one string.
for T in $(wbinfo --user-domgroups `wbinfo -n "$1"`); do
    wbinfo -s $T | perl -ne 'chomp and print'
done
Which outputs a string containing all the groups the username is a member
of. I called the script from sites-available/default under post-auth like
so:
if (`/bin/sh /etc/freeradius/get_group.sh %{User-Name}` =~ /String.To.Match/) {
    update reply {
        Tunnel-type = VLAN
        Tunnel-medium-type = IEEE-802
        Tunnel-Private-Group-Id = 456
    }
}
This was frustrating to figure out, but a good learning experience.
--Scott
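
Added example, not part of the original post: a variant of the group lookup that rejects unexpected User-Name values and tests for one exact group name, because the script above joins all group names into a single string and the regex matches any substring of it. The function names, the WBINFO override, the username allow-list and the assumed wbinfo output formats are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# WBINFO can be overridden for offline testing; the default is the real wbinfo.
WBINFO=${WBINFO:-wbinfo}

# User-Name is supplied by the client. Accept only a conservative character
# set (assumed allow-list, adjust to your naming scheme) and reject anything
# that wbinfo could parse as an option.
valid_user() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Print the user's domain groups, one name per line.
# Assumes "wbinfo -n" prints "<SID> <type>" and "wbinfo -s" prints "<name> <type>".
user_groups() {
    sid=$($WBINFO -n "$1" | cut -d' ' -f1)
    [ -n "$sid" ] || return 1
    for gsid in $($WBINFO --user-domgroups "$sid"); do
        $WBINFO -s "$gsid" | sed 's/ [0-9]*$//'
    done
}

# Succeed only if the user is a member of exactly the named group.
# grep -F -x compares whole lines as fixed strings, so 'CORP\Staff'
# does not match 'CORP\Staff-Guests'.
is_member() {
    valid_user "$1" || return 2
    user_groups "$1" | grep -Fxq -- "$2"
}

# Command-line use: <script> <username> <group>  ->  prints yes or no
if [ "$#" -eq 2 ]; then
    if is_member "$1" "$2"; then echo yes; else echo no; fi
fi
```

Called with the username and the full group name, the script prints yes or no, so the post-auth condition can compare against the literal yes instead of running a regex over the concatenated group string.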