I have looked on the list for this a few times but there doesn't appear to be a "how to", just an "it might work".
We are wanting to use freeradius with our wireless controller for .1x termination. It will need to authenticate to AD and based on the returned group hand back different attributes to the wireless controller. I don't have any way to do a static group request because the options are rather large here. AD needs to pass it back and then i can probably do a match in the freeradius users file and pass the controller an attribute (I think). We are using PEAP/MSCHAPv2 for this currently. We were going to just proxy this to a microsoft NPS but it appears that that option hands back attributes in the "wrong" place and overall just seems terrible. So far I have the ldap component querying AD correctly and I have the ntlm_auth component doing the same and each individually passing from a radtest. My question now revolves around passing the groups in our setup and if this is even possible using the protocols listed above. Unfortunately, we don't have the option to move away from these protocols in our environment. I'm a bit of a freeradius noob so any help is appreciated. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
