fvt3 wrote:
Hi,
I have a question on configuring FreeRADIUS to return
VLAN attributes based on a user's group membership or OU.
I have a Windows XP SP2 client using PEAP MSCHAPv2 to
authenticate off RADIUS. How do I set RADIUS to
return a VLAN ID of 10 if the user belongs to the
student group, and if the user belongs to the teacher
group the user gets a VLAN ID of 20? I have FreeRADIUS
set to authenticate off Active Directory, but it's only
returning one VLAN.

DEFAULT NAS-Port-Type == "Wireless-802.11"
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-Id = 10,
	Tunnel-Type = VLAN

Do I have to add something else in the user file?

You will need to configure the LDAP module to fetch groups from AD's LDAP
server. See copious documentation or posts to the list. Broadly, once
the LDAP module is set up correctly:

DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Students"
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-Id = 10,
	Tunnel-Type = VLAN

DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Staff"
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-Id = 20,
	Tunnel-Type = VLAN

Alternatively, if you fill AD in from some external system, e.g. an SQL
database, you can pull from there, or dump the groups to a file like so:

	username:groupname

...and use the (poorly-named) "passwd" module to add the group.
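
Added example, not part of the original thread or of FreeRADIUS: a small audit of a "username:groupname" dump against the two group entries above. Because the users file stops at the first matching entry unless Fall-Through is set, it flags users who sit in both groups or in neither. The sample data is constructed, and exact-match group comparison is an assumption.

```python
# Added example: audit a "username:groupname" dump against the group order
# of the users-file entries in the reply. Sample data below is constructed.
from collections import defaultdict

# Order matters: without Fall-Through the first matching DEFAULT entry wins,
# so a member of both groups is placed in the first VLAN listed here.
GROUP_VLANS = [("Students", 10), ("Staff", 20)]

# Constructed sample dump, one membership per line.
SAMPLE_DUMP = """\
alice:Students
bob:Staff
carol:Students
carol:Staff
dave:Contractors
broken line without separator
"""

def parse_dump(text):
    """Return ({user: [groups in file order]}, [malformed lines])."""
    members, malformed = defaultdict(list), []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        user, sep, group = raw.strip().partition(":")
        if not sep or not user.strip() or not group.strip():
            malformed.append(raw)
            continue
        members[user.strip()].append(group.strip())
    return dict(members), malformed

def audit(members):
    """Map each user to (vlan or None, note) using first-match order."""
    report = {}
    for user, groups in members.items():
        # Assumption: group names are compared as exact strings.
        hits = [(g, v) for g, v in GROUP_VLANS if g in groups]
        if not hits:
            report[user] = (None, "no mapped group: neither entry matches")
        elif len(hits) > 1:
            report[user] = (hits[0][1], "in several mapped groups: first entry wins")
        else:
            report[user] = (hits[0][1], "ok")
    return report

if __name__ == "__main__":
    members, malformed = parse_dump(SAMPLE_DUMP)
    for user, (vlan, note) in sorted(audit(members).items()):
        print(f"{user:8} vlan={vlan} {note}")
    print("malformed:", malformed)
```
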