At a switch we do 802.1x authentication with freeradius via EAP-TLS.
We take the User-Name from the certificate and check against AD, whether a valid account belongs to that machine.
If so, different data are returned from AD.
Among others, the primaryGroupID.

This group id shall be assigned as vlan-id to the switch, if - and only if - this vlan-id is known by the switch; if not, a default vlan should be set up.
I want to store the vlans a switch knows about, in a database and start a query, using the primaryGroupID from AD to get the information, whether the switch knows this vlan. If not, a default vlan id shall be assigned. As I did not yet succeed in the last part, my question is: Is this at all possible? How can I refer to the primaryGroupID, when querying the database?
Is there a much better solution for that problem?

Thanks
Norbert Wegener

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
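The decision described in the question (use the primaryGroupID as VLAN only if the switch is known to carry it, otherwise fall back to a default), sketched as an added example that is not part of the original post and is not FreeRADIUS configuration. The `switch_vlan` table, the use of the switch's IP address as its key, the sample rows and the default VLAN 999 are assumptions; the directory value is validated and bound as a query parameter rather than pasted into the SQL string.

```python
import sqlite3

DEFAULT_VLAN = 999  # assumed default VLAN id (constructed value)

def build_db():
    """Constructed sample data: VLAN ids each switch (keyed by NAS IP) carries."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE switch_vlan (nas_ip TEXT NOT NULL, "
               "vlan_id INTEGER NOT NULL, PRIMARY KEY (nas_ip, vlan_id))")
    db.executemany("INSERT INTO switch_vlan VALUES (?, ?)",
                   [("192.0.2.10", 513), ("192.0.2.10", 515),
                    ("192.0.2.20", 513)])
    return db

def parse_vlan(primary_group_id):
    """Return the AD value as a VLAN id, or None if it is not a valid 802.1Q id."""
    s = str(primary_group_id).strip()
    if not (s.isascii() and s.isdigit()):
        return None          # rejects empty, signed, or non-numeric input
    vlan = int(s)
    return vlan if 1 <= vlan <= 4094 else None

def select_vlan(db, nas_ip, primary_group_id, default=DEFAULT_VLAN):
    """VLAN to assign: the group id if this switch knows it, else the default."""
    vlan = parse_vlan(primary_group_id)
    if vlan is None:
        return default
    # Parameterized query: the directory-supplied value never becomes SQL text.
    row = db.execute(
        "SELECT 1 FROM switch_vlan WHERE nas_ip = ? AND vlan_id = ?",
        (nas_ip, vlan)).fetchone()
    return vlan if row else default

def reply_attributes(vlan):
    """RFC 3580 VLAN assignment attributes for the Access-Accept."""
    return {"Tunnel-Type": "VLAN",
            "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": str(vlan)}

if __name__ == "__main__":
    db = build_db()
    for nas, gid in [("192.0.2.10", "515"),          # known on this switch
                     ("192.0.2.20", "515"),          # unknown on this switch
                     ("192.0.2.10", "515 OR 1=1")]:  # malformed value
        print(nas, repr(gid), reply_attributes(select_vlan(db, nas, gid)))
```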
