Authenticate to AD but only allow certain group
Brian C. Huffman
bhuffman at etinternational.com
Mon Feb 3 22:33:32 CET 2014
Which file and section should this go in?
Thanks,
Brian
On 02/03/2014 04:18 PM, Alan DeKok wrote:
> Brian C. Huffman wrote:
>> I would prefer to have this happen only when requests come from a
>> specific client (wireless access point). In this case the idea is to
>> have users only be able to get wireless access when they're in a
>> specific AD group.
>>
>> How can I do this in freeradius?
> If they're using wireless, and they're NOT in the group, reject.
>
> Use the source IP for wireless access. Use LDAP-Group for the group
> checks.
>
>
> if ((Packet-Src-IP-Address == 1.2.3.4) &&
>     !(LDAP-Group == "allowed-for-wireless")) {
>     reject
> }
>
> Alan DeKok.
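As an added illustration that is not part of the original thread: unlang policy like the one quoted above lives in a virtual server section, typically `authorize`. The file path, the `ldap` module instance name and the Reply-Message text below are assumptions; the client IP and group name are the ones from the thread, and the source address uses the full dictionary attribute name `Packet-Src-IP-Address`.

```unlang
# raddb/sites-available/default (assumed: the stock virtual server file)
authorize {
    preprocess

    # Assumed: an rlm_ldap instance named "ldap" configured against the
    # AD domain. Listing it here instantiates the module, which registers
    # the LDAP-Group check used below.
    ldap

    # Only requests arriving from the wireless access point are
    # group-restricted; requests from other clients fall through unchanged.
    if ((Packet-Src-IP-Address == 1.2.3.4) &&
        !(LDAP-Group == "allowed-for-wireless")) {
        update reply {
            # Assumed message text
            Reply-Message := "Not authorised for wireless access"
        }
        reject
    }

    # ... the remaining authorize modules (eap, pap, ...) follow here
}
```

With PEAP or TTLS the outer User-Name may be an anonymous identity, in which case the same check belongs in the `authorize` section of the inner-tunnel virtual server, where the real user name is visible.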