On Thu, Dec 20, 2007 at 09:44:25PM +0100, Rutger Beyen wrote:
> Hello,
> I'm very glad I found a list like this. I hope some of you can help me with
> this problem.
>
> I want to set up a project with 802.1X, so users accessing my Cisco switch
> first have to log on. I found out that I could use freeradius for this. But
> what I want to do is verify if the credentials entered by the user (on a
> WinXP) are correct, by checking with the Active Directory on a
> Win2003Server. Using ntlm_auth from the samba server is not an option. I
> want to access the AD with the ldap protocol for compatibility reasons.
> Next, I want to place the logged on user in a specific VLAN. So I have to
> retrieve the user's vlan from the AD. Is there any way to configure
> freeradius to do so? I would like to base the vlan on the OU of the person
> in the AD.
> Can you please provide me with the necessary steps to accomplish this?
>
>
> Thank you very much,
> Rutger

Rutger,

I think that if you do not use ntlm_auth, you will need a 3rd party
supplicant for the Windows boxes. You probably will need to use ntlm_auth
and also bind to AD using the LDAP protocol to look up the OU/VLAN.

Ken
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
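
The OU-to-VLAN lookup discussed in this thread, as an added example in Python (not from either poster and not FreeRADIUS code): it takes the user's DN as returned by the LDAP lookup, finds the nearest OU, and builds the RFC 3580 tunnel attributes a switch uses for dynamic VLAN assignment. The OU names, VLAN IDs, sample DNs and function names are constructed for illustration.

```python
import re

# Constructed OU -> VLAN table (assumption: the thread names no OUs or VLAN IDs).
OU_TO_VLAN = {"staff": 10, "students": 20, "guests": 30}

def split_dn(dn):
    """Split a DN into RDN strings; an escaped comma (\\,) does not split."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).strip())
    return rdns

def unescape(value):
    """Undo RFC 4514 escapes: \\XX hex pairs (single-byte only) and \\<char>."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def nearest_ou(dn):
    """Return the OU closest to the user entry, or None if the DN has no OU."""
    for rdn in split_dn(dn)[1:]:         # skip the leaf RDN (the user itself)
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "ou":
            return unescape(value.strip())
    return None

def vlan_reply(dn):
    """RFC 3580 reply attributes for the user's OU; None means assign no VLAN."""
    ou = nearest_ou(dn)
    vlan = OU_TO_VLAN.get(ou.lower()) if ou else None
    if vlan is None:
        return None                      # fail closed: unmapped OU gets no VLAN
    return {
        "Tunnel-Type": "VLAN",               # attribute value 13
        "Tunnel-Medium-Type": "IEEE-802",    # attribute value 6
        "Tunnel-Private-Group-Id": str(vlan),
    }
```

Returning `None` for an unmapped or missing OU lets the caller reject the session or fall back to a restricted VLAN instead of leaving the port on the switch default.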