On 18/05/11 16:21, Doty, Seth wrote:

> So far I have the ldap component querying AD correctly and I have the
> ntlm_auth component doing the same and each individually passing from a
> radtest.  My question now revolves around passing the groups in our
> setup and if this is even possible using the protocols listed above.
> Unfortunately, we don't have the option to move away from these
> protocols in our environment.  I'm a bit of a freeradius noob so any
> help is appreciated.

I don't really understand what you want, so I'm going to guess.

You have multiple groups. You want to read those from AD via LDAP, and then set reply variables.

The main way to do this is to use unlang or a files module to check each group in turn. For example, in /etc/raddb/sites-enabled/inner-tunnel:

post-auth {
  ...
  if (Ldap-Group == staff) {
    update reply {
      Vlan-Attribute := 123
    }
  }
  elsif (Ldap-Group == students) {
    ...
  }
  else {
    ...
  }
}

Is this what you want? If not, can you explain why not?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
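
An added example, not part of the original message or of the FreeRADIUS distribution: the same post-auth group check written out with the standard RFC 3580 VLAN assignment attributes in place of the Vlan-Attribute placeholder, and with a final branch that rejects users who match none of the listed groups. The group names, the VLAN IDs and the choice to reject rather than assign a default VLAN are assumptions.

```unlang
# /etc/raddb/sites-enabled/inner-tunnel (excerpt, added example)
# Assumes the ldap module is already configured for group lookups,
# as in the thread. Group names and VLAN IDs are constructed values.
post-auth {
	if (Ldap-Group == "staff") {
		update reply {
			# RFC 3580 attributes a switch or AP reads for VLAN assignment
			Tunnel-Type := VLAN
			Tunnel-Medium-Type := IEEE-802
			Tunnel-Private-Group-Id := "123"
		}
	}
	elsif (Ldap-Group == "students") {
		update reply {
			Tunnel-Type := VLAN
			Tunnel-Medium-Type := IEEE-802
			Tunnel-Private-Group-Id := "456"
		}
	}
	else {
		# Assumption: an authenticated user in no listed group gets no
		# network access, instead of landing on the port's default VLAN.
		reject
	}
}
```

If this runs inside a PEAP or TTLS tunnel, the reply attributes set here only reach the NAS when use_tunneled_reply is enabled for that EAP type in eap.conf.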
