Well, you'd approach it the same way you'd do group authentication in the users file. Check out the users file documentation, then just understand that rlm_sql is just another users file.

-Bob

Carl Wahlin wrote:
What I'm doing to set these, is via the rlm_sql module.

The tables are pretty straightforward, and could be manipulated
programmatically. The SQL tables are set up just like the users file,
and have group support and all.

Maybe when you issue the cert, you could do some inserts into the DB?

-Bob

Sounds like something I should take a look at. I don't think I would need
a separate entry for each cert. I would need one for each group of users
belonging to i.e. an OU. Not sure if I would be able to do this with the
rlm_sql module, but I'll take a look.

/Carl


Carl Wahlin wrote:
Hello,

Quite new to RADIUS, so this might be a stupid question. Although I have
been searching Google for the last 2 hours trying to find the answer
without any luck...

So, we are testing Cisco's new Airespace WLAN controller and would like
to map users based on "OrganizationalUnit" (or something else) in the
certificate to a specific VLAN. Cisco calls this feature of changing
default values with RADIUS "AAA override". There are a few more things
you can change (QoS profile etc.), but we are only interested in the VLAN
for now. I have managed to get it working for all EAP authentications, but
that does not at all serve my needs more than that I see that my WLAN
controller interprets the RADIUS message correctly.

DEFAULT Auth-Type := EAP
        Tunnel-Type = 13,
        Tunnel-Medium-Type = 6,
        Tunnel-Private-Group-Id = 2

So how can I get selective and change the Group-Id based on stuff in the
certificate?

/Carl W.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
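
Bob's suggestion of doing inserts when the certificate is issued could look like the sketch below, which is an added example and not code from the thread or from FreeRADIUS. It uses SQLite in place of the server's database; the table layout, the OU-to-VLAN map, the subject strings, and the idea that the RADIUS User-Name equals the name enrolled here are assumptions.

```python
import sqlite3

# Assumed schema: trimmed copies of radusergroup / radgroupreply as found in
# the FreeRADIUS default SQL schema; compare with your installed schema file.
SCHEMA = """
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER DEFAULT 1);
CREATE TABLE radgroupreply (groupname TEXT, attribute TEXT, op TEXT, value TEXT);
"""
# Constructed OU -> VLAN allow-list; an OU not listed here never gets a group.
OU_VLAN = {"Engineering": "2", "Guests": "30"}

def open_db(path=":memory:"):
    """Create the tables and one set of tunnel reply items per allowed OU."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    for ou, vlan in OU_VLAN.items():
        conn.executemany(
            "INSERT INTO radgroupreply VALUES (?, ?, '=', ?)",
            [(ou, "Tunnel-Type", "13"), (ou, "Tunnel-Medium-Type", "6"),
             (ou, "Tunnel-Private-Group-Id", vlan)])
    return conn

def ou_from_subject(subject):
    """First OU in an OpenSSL-style subject, e.g. /O=Example/OU=Guests/CN=bob."""
    for rdn in subject.strip("/").split("/"):
        key, _, value = rdn.partition("=")
        if key.strip().upper() == "OU":
            return value.strip()
    return None

def enroll(conn, username, subject):
    """Run at certificate issuance; returns the group assigned, or None."""
    # Drop any earlier membership first so a re-issued cert never keeps an old VLAN.
    conn.execute("DELETE FROM radusergroup WHERE username = ?", (username,))
    ou = ou_from_subject(subject)
    if ou not in OU_VLAN:
        return None  # unknown or missing OU: no membership row is written
    conn.execute("INSERT INTO radusergroup (username, groupname) VALUES (?, ?)",
                 (username, ou))
    return ou

def reply_for(conn, username):
    """Model of the group lookup: reply items of the user's group(s)."""
    rows = conn.execute(
        "SELECT r.attribute, r.value FROM radusergroup u "
        "JOIN radgroupreply r ON r.groupname = u.groupname "
        "WHERE u.username = ?", (username,)).fetchall()
    return dict(rows)
```

A user whose OU is not in the allow-list ends up with no group row, so no Tunnel-Private-Group-Id is returned for them by this lookup.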
