LDAP Group Default
A.L.M.Buxey at lboro.ac.uk
Fri Nov 18 12:19:10 CET 2016
Hi,
> I want the login user to be authorized according to their user
> grouping in Microsoft AD, and also a catch-all default. At the moment I am
> testing with two DEFAULTs. Is it possible to do a catch-all DEFAULT? My
> example below only catches the non-hod group. Any help would be much
> appreciated. Thank you.
Use unlang and LDAP-Group etc., e.g. in the post-auth phase of inner-tunnel if doing EAP, ensuring
that the attributes are copied to the outer reply, as per the docs and inline comments:
pseudo code:
if (LDAP-Group == "cn=hod,cn=users,dc=smartoptz,dc=com") {
    # members of the hod group
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-Id = "30"
    }
}
else {
    # catch-all for every other user
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-Id = "40"
    }
}
alan