Hello, I'm currently trying to configure freeradius to authenticate via a win2k3 server, check the user's group and then return a confirmation/denial + vlan id for the cisco WAP to process.

Questions:

1: Is ldap the only way of retrieving the user's group/s?
2: Can I talk directly to the ADS using the ldap client (or however it's done) instead of setting up a linux openldap server?
3: Does the users entry look correct? It is meant to disallow people in the group rejects, assign priv students to 1 vlan and students to the other vlan:

# !! testing groups
DEFAULT LDAP-Group == "rejects", Auth-Type := Reject

DEFAULT Auth-Type = ntlm_auth
        Fall-Through = 1

DEFAULT LDAP-Group == "staff"
        Service-Type = Framed-User,
        Tunnel-Type = :1:VLAN,
        Tunnel-Medium-Type = :1:6,
        Tunnel-Private-Group-ID = :1:140

DEFAULT LDAP-Group == "students"
        Service-Type = Framed-User,
        Tunnel-Type = :1:VLAN,
        Tunnel-Medium-Type = :1:6,
        Tunnel-Private-Group-ID = :1:141

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
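Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of how the four users-file entries above are evaluated top to bottom, useful for checking the policy against edge cases such as a user in several groups or in none. The group names and VLAN ids come from the post; the function names and the group memberships fed in are assumptions made for the illustration.

```python
# Simplified model of "users" file matching: entries are tried in order, a
# matching entry contributes its items, and processing stops at the first
# match unless that entry sets Fall-Through. This is an illustration only;
# it does not talk to LDAP, ntlm_auth or a RADIUS server.

def vlan_reply(vlan_id):
    # Reply items from the post (tag ":1:" omitted in this model).
    return {"Service-Type": "Framed-User", "Tunnel-Type": "VLAN",
            "Tunnel-Medium-Type": "6", "Tunnel-Private-Group-ID": vlan_id}

# (required LDAP-Group or None for "always", control items, reply items,
#  fall_through) in the same order as the entries in the post.
ENTRIES = [
    ("rejects",  {"Auth-Type": "Reject"},    {},                False),
    (None,       {"Auth-Type": "ntlm_auth"}, {},                True),
    ("staff",    {},                         vlan_reply("140"), False),
    ("students", {},                         vlan_reply("141"), False),
]

def evaluate(groups):
    """Return (control, reply) dicts for a user with the given group set."""
    control, reply = {}, {}
    for group, ctl, rep, fall_through in ENTRIES:
        if group is not None and group not in groups:
            continue                      # check item did not match
        for key, value in ctl.items():
            control.setdefault(key, value)  # first value set wins here
        reply.update(rep)
        if not fall_through:
            break                         # first match ends processing
    return control, reply

def decision(groups):
    """Return (auth method or 'reject', VLAN id or None)."""
    control, reply = evaluate(set(groups))
    if control.get("Auth-Type") == "Reject":
        return ("reject", None)
    return (control.get("Auth-Type"), reply.get("Tunnel-Private-Group-ID"))

if __name__ == "__main__":
    # Constructed memberships, not real directory data.
    for g in (["staff"], ["students"], ["rejects", "staff"],
              ["staff", "students"], []):
        print(g, "->", decision(g))
```

In this model a user in neither staff nor students is still handed to ntlm_auth and receives no VLAN attributes, so the access point's default VLAN would apply; adding a final catch-all entry is one way to make that case explicit.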