Group membership by SSID
Matthew Newton
mcn4 at leicester.ac.uk
Tue Feb 28 12:15:55 CET 2017
On Tue, Feb 28, 2017 at 12:04:33PM +0100, Ethariel wrote:
> FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Apr
Version 2 is obsolete; you should upgrade to version 3.
> I wish to have a variable in modules/mschap linked to SSID.
>
> --require-membership-of=DOMAIN/Group1 for Name_Lan
> --require-membership-of=DOMAIN/Group2 for Name_Perso
>
> I don't find how to replace Group1 and Group2 with a variable
In the same way as all the other attributes on the ntlm_auth line
(which I presume you're using for this): %{Attribute-Name}.
> (which variable ?).
You could use one of the standard temporary attributes, such as
Tmp-String-0
> As I understand the unlang doc I cannot create new variables.
or add your own as explained in raddb/dictionary.
They're RADIUS attributes, not "variables".
> TL;DR : how to test user group in AD based on SSID ?
Best way at present is to use LDAP by configuring the rlm_ldap module.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list