> What I'm doing to set these, is via the rlm_sql module. > > The tables are pretty straight forward, and could be manipulated > programmatically. The sql tables are setup just like the users file, > and has group support and all. > > Maybe when you issue the cert, you could do some inserts into the DB? > > -Bob
Sounds like something I should take a look at. I don't think I would need a separate entry for each cert. I would need one for each group of users belonging to ie. an OU. Not sure if I would be able to do this with the rlm_sql module, but I'll take a look. /Carl > > > > Carl Wahlin wrote: >> Hello, >> >> Quite new to radius, so this might be a stupid question. Although I have >> been searching google for the last 2 hours trying to find the answer >> without any luck... >> >> So, we are testing ciscos new Airespace wlan controller and would like >> to >> map users based on "OrganizationalUnit" (or something else) in the >> certificate to a specific VLAN. Cisco calls this feature of changing >> default values with radius "AAA override". There are a few more things >> you >> can change (QoS profile etc), but we are only interested in the VLAN for >> now. I have managed to get it working for all EAP authentications but >> that >> does not at all serve my needs more than that I see that my wlan >> controller interprets the radius message correctly. >> >> DEFAULT Auth-Type := EAP >> Tunnel-Type = 13, >> Tunnel-Medium-Type = 6, >> Tunnel-Private-Group-Id = 2 >> >> So how can I get selective and change the Group-Id based on stuff in the >> certificate? >> >> /Carl W. >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html