Follow-up question (sorry I'm new this): I'm currently authenticating users with FreeRadius against an AD database (PEAP-MS-CHAPv2). Would I still have to use the ldap module to get a user's AD group membership?
Thanks, Daniel -----Original Message----- From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of Ivan Kalik Sent: Tuesday, July 08, 2008 03:34 PM To: FreeRadius users mailing list Subject: Re: Dynamic VLANs based on AD group membership >How do I configure FreeRADIUS to "read" the AD group membership >attribute, See group membeship section in ldap module configuration. >and how do I then pass the matching VLAN-ID back to the >switch? Your switch documentation should tell you that. You normally use Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id attributes. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html