You will need to configure the LDAP module to fetch groups from AD's LDAP
server. See copious documentation or posts to the list. Broadly, once the
LDAP module is set up correctly:

DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Students"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 10,
        Tunnel-Type = VLAN

DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Staff"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 20,
        Tunnel-Type = VLAN

The doc. states that LDAP only supports PAP. Is this a problem given he
said he's using PEAP/MSCHAPv2? How would LDAP do the authentication if it
doesn't have a clear text password? Or is the approach to use MSCHAPv2 for
authentication and then LDAP for authorization??
Thanks for helping me better understand...
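
An added example, not part of the original messages or of FreeRADIUS itself: a small Python model of how the two users-file entries above pick a VLAN, so the edge cases (a user in both groups, a user in neither, a non-wireless port) can be checked before deployment. It assumes first-match-wins evaluation (the entries set no Fall-Through) and models Ldap-Group as membership in a set of group names; `parse`, `authorize` and the sample inputs are constructed for illustration.

```python
import re

# The two entries from the message above, in users-file layout.
USERS = '''\
DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Students"
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = 10,
    Tunnel-Type = VLAN

DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Staff"
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = 20,
    Tunnel-Type = VLAN
'''

# attribute, operator, optionally quoted value, then a comma or end of line
PAIR = re.compile(r'\s*([\w-]+)\s*(==|=)\s*"?([^",]+?)"?\s*(?:,|$)')

def parse(text):
    """Return [(check_items, reply_items)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():  # indented line: reply items for the current entry
            entries[-1][1].update((a, v) for a, _, v in PAIR.findall(line))
        else:                  # "DEFAULT <check items>" starts a new entry
            _, _, rest = line.partition(" ")
            entries.append(({a: v for a, _, v in PAIR.findall(rest)}, {}))
    return entries

def authorize(entries, nas_port_type, ldap_groups):
    """Reply items of the first matching entry, or {} when none matches."""
    for checks, replies in entries:
        if (checks.get("NAS-Port-Type") == nas_port_type
                and checks.get("Ldap-Group") in ldap_groups):
            return replies
    return {}

ENTRIES = parse(USERS)

if __name__ == "__main__":
    for groups in ({"Students"}, {"Staff"}, {"Staff", "Students"}, {"Contractors"}):
        reply = authorize(ENTRIES, "Wireless-802.11", groups)
        print(sorted(groups), "->", reply.get("Tunnel-Private-Group-Id", "no VLAN attributes"))
```

A user in both groups lands in VLAN 10 because the Students entry comes first, and a user in neither group gets no tunnel attributes at all, which leaves the VLAN choice to the NAS's own configuration.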