I am using FR 2.1. At present I can authenticate users against AD and then assign VLAN membership based on user-name via a MySQL database. What I would now like to do is assign VLAN membership based on the group membership of the user. When I do an ldapsearch of my AD for a user I get the following output:

mymachine:/home/jones # ldapsearch -x -D cn=radman04,cn=users,dc=MYDOMAIN,dc=co,dc=uk -h 10.10.6.131 -b cn=users,dc=MYDOMAIN,dc=co,dc=uk sAMAccountName=radman04 -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=MYDOMAIN,dc=co,dc=uk> with scope subtree
# *filter: sAMAccountName=radman04*
# requesting: ALL
#

# radman04, Users, MYDOMAIN.co.uk
*dn: CN=radman04,CN=Users,DC=MYDOMAIN,DC=co,DC=uk*
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: radman04
givenName: radman04
*distinguishedName: CN=radman04,CN=Users,DC=MYDOMAIN,DC=co,DC=uk*
instanceType: 4
whenCreated: 20090113021444.0Z
whenChanged: 20090113021444.0Z
displayName: radman04
uSNCreated: 36950
*memberOf: CN=GROUPNAME,CN=Users,DC=MYDOMAIN,DC=co,DC=uk*
uSNChanged: 36955
name: radman04
objectGUID:: yXoSg4Ln7EWYAuThBRuTSw==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 128762864842481250
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAANdbgD79SSqoLLz2LYwQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: radman04
sAMAccountType: 805306368
userPrincipalName: radma...@*mydomain*.co.uk
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=*MYDOMAIN*,DC=co,DC=uk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Based upon the output, how do I construct a method of assigning reply attributes for members of each group, and what parts of the RADIUS configuration do I need to change? I don't want to change from AD to LDAP for authentication. I have searched the archives but can't link all the elements I've found to solve my problem.

Thanks in advance

