Ok... 2 other questions... 1) The wireless AP's I'm going to be connecting to the RADIUS server have multiple SSID'd... can I pass that SSID information to Free Radius and then map the group based on the SSID?
2) If I were to define a new variable/table entry in the SQL DB, rather than a variable in the clients.conf file, would that same information be passed to the auth entry as a variable I can map to the group membership? Don O'Neil Senior Network Engineer SAIC - CCSD Network Operations (702) 351-7261 cell (702) 799-6174 fax 0099-5941 wan [email protected] -----Original Message----- From: freeradius-users-bounces+donald.a.oneil=saic....@lists.freeradius.org [mailto:[email protected] s.org] On Behalf Of Alan DeKok Sent: Friday, May 27, 2011 5:40 AM To: FreeRadius users mailing list Subject: Re: Different Auth Methods based on client entries with ntlm_auth O'Neil, Donald A. wrote: > I've followed the instructions on > http://deployingradius.com/documents/configuration/active_directory.html and > it works great for one group when I add the option > --require-membership-of=SomeGroup but I need a way to figure out how to > specify that group name, perhaps based on the nastype, or some other > variable I can set in the client configuration. Put the group name into a temporary variable (Tmp-String-0), and then edit the ntlm_auth line in raddb/modules/mschap: ntlm_auth = ".... --require-membership-of=%{Tmp-String-0}" That will be dynamically expanded at run time. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
