Authenticate to AD but only allow certain group
Alan DeKok
aland at deployingradius.com
Mon Feb 3 22:18:44 CET 2014
Brian C. Huffman wrote:
> I would prefer to have this happen only when requests come from a
> specific client (wireless access point). In this case the idea is to
> have users only be able to get wireless access when they're in a
> specific AD group.
>
> How can I do this in freeradius?
If they're using wireless, and they're NOT in the group, reject.
Use the source IP for wireless access. Use LDAP-Group for the group
checks.
    if ((Packet-Src-IP-Address == 1.2.3.4) &&
        !(LDAP-Group == "allowed-for-wireless")) {
            reject
    }
Alan DeKok.