> Hi, I have (with some help) got the freeradius server to authenticate and
> send the VLAN name to the switch. But what I want to do is to use the
> freeradius server to authenticate and set a VLAN based on the certificate
> without the need of any other external database lookup (ldap or sql).
>
> 1. Verify that the certificate is signed by your CA
> 2. Check the CRL
> 3. Check the OU field (or any other) in the certificate and then assign
>    VLAN based on that field.
>
> For option 1 & 2 the answer should be yes but for option 3 I have no real
> clue on how to do it.

Have you tried with the same value in the FreeRADIUS users file field and in the certificate field?
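
The decision in step 3 of the question, as an added example that is not part of either message and is not FreeRADIUS code: it maps the OU of an already verified certificate subject to the RFC 3580 tunnel attributes a switch expects. The subject strings, the `OU_TO_VLAN` table and the function names are constructed for illustration; steps 1 and 2 (CA signature and CRL) are assumed to have been done by the EAP-TLS layer.

```python
import re

# Constructed policy: OU value -> VLAN name. An OU not listed here gets no VLAN.
OU_TO_VLAN = {"Engineering": "eng", "Finance": "finance"}


def parse_subject(subject):
    """Split an OpenSSL one-line subject such as
    "/C=SE/O=Example/OU=Finance/CN=pc1" into ordered (attribute, value) pairs.

    The split happens only on "/" followed by "name=", so "OU=" text inside
    another attribute's value is not mistaken for a real OU attribute.
    The one-line form does not escape "/", so the CA must not sign subjects
    whose values contain "/".
    """
    pairs = []
    for part in re.split(r"/(?=[A-Za-z0-9.]+=)", subject):
        if "=" in part:
            name, value = part.split("=", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs


def vlan_reply(subject):
    """Return the reply attributes for a verified subject, or None.

    Fails closed: a missing OU, more than one OU, or an OU that is not in
    the policy table yields no VLAN assignment.
    """
    ous = [value for name, value in parse_subject(subject) if name == "OU"]
    if len(ous) != 1:
        return None
    vlan = OU_TO_VLAN.get(ous[0])  # exact, case-sensitive match
    if vlan is None:
        return None
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": vlan,
    }


if __name__ == "__main__":
    # Constructed sample subjects.
    for s in ("/C=SE/O=Example/OU=Finance/CN=pc1.example.org",
              "/C=SE/O=Example/CN=OU=Finance",
              "/C=SE/O=Example/OU=Guests/CN=pc2.example.org"):
        print(s, "->", vlan_reply(s))
```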

