Dynamic Vlan Assignment Active Directory with winbind EAP-TLS 802.1x

Matthew Newton mcn at freeradius.org
Wed Aug 15 19:37:29 CEST 2018


On Wed, 2018-08-15 at 17:28 +0000, Kevin Virk wrote:
>            I came across this thread in my search for answers
> http://freeradius.1045715.n5.nabble.com/FreeRadius-3-0-11-and-
> Winbind-td5743424.html and it is stating that winbind is not the
> preferred  method for dynamic vlan assignment.   This thread is about
> two years old so I was hoping if anyone could answer if this was
> still the case.

It's still the same.

> I am using FreeRADIUS Version 2.2.8. As this was what was downloaded
> using the deb package on Ubuntu 16.04.

2.2.8 is obsolete. You should upgrade to 3.0.17. Or at least 2.2.10
(which is still obsolete).

> The setup I am hoping to achieve is EAP-TLS 802.1x that can
> dynamically assign vlans to users based off active directory
> information and has the ability to revoke certs and check active
> directory for disabled accounts and not allow them to auth. Is this
> possible?

Yes.

As you want EAP-TLS you don't need winbind.

Still use LDAP to get data about the user from AD.

-- 
Matthew



More information about the Freeradius-Users mailing list