Jake,
 
Thanks for the reply. Much appreciated.
 
I have worked on this more and from what I have learned I need to configure the 
"users" file properly. I have a feeling that if I could figure out exactly what 
I need to put in there I would be in business. I just can't seem to find 
exactly what I need to do in there to identify AD groups and provide the right 
IEEE tags to the client.
 
Mike 

________________________________

From: freeradius-users-bounces+mwhitlow=bumail.bradley....@lists.freeradius.org 
on behalf of Sallee, Stephen (Jake)
Sent: Fri 10/28/2011 3:39 PM
To: FreeRadius users mailing list
Subject: RE: AD integration



We are actually looking into doing the same thing.

 

Although we are probably going to add a custom attribute that we can set to the 
VLAN of our choice; that way we can find the VLAN by a simple LDAP query 
without adding complex logic to the server.  This to us seems the simplest 
route.  It is worth noting that we do not have this in production yet, so I 
cannot vouch for its real-world effectiveness. 

 

As for getting the LDAP query to work, you have already done the hard part.  
Once your server is able to auth users via NTLM the difficult part is over.  We 
have set up a special account that has almost no privileges, only access to 
search AD.  We use this account to interact with AD.  

 

If I remember correctly, deployingradius.com has an excellent walkthrough on the 
initial setup; I would try there for initial config instructions.

 

 

Jake Sallee

Godfather of Bandwidth

System Engineer

University of Mary Hardin-Baylor

900 College St.

Belton, Texas

76513

Fone: 254-295-4658

Phax: 254-295-4221

 

From: freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org 
[mailto:freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org] On 
Behalf Of Whitlow, Michael
Sent: Friday, October 28, 2011 3:18 PM
To: freeradius-users@lists.freeradius.org
Subject: AD integration

 

Hello,

 

I just got Freeradius running on Ubuntu and have successfully configured 
integration with Active Directory using Samba and NTLM_AUTH. 

 

When I run "radtest" against Freeradius and put in AD credentials, it is 
successful. 

 

My next goal is to configure Freeradius to assign 802.1X VLANs for a wireless 
environment. 

 

In other words, users who are a member of ADGROUP1 get assigned vlan # 111, and 
users who are a member of ADGROUP2 get assigned vlan #222.  

 

I am unclear which direction to go to accomplish this. 

 

Any help would be greatly appreciated.

 

Thanks much

 

Mike Whitlow


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
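
The group-to-VLAN mapping asked about in this thread, as an added example that is not part of any message above and is not the FreeRADIUS project's own configuration: a `users` file fragment for FreeRADIUS 2.x. It assumes the `ldap` module is already configured to look up AD group membership with a low-privilege search account, as described in the reply; ADGROUP1/ADGROUP2 and VLANs 111/222 come from the original question, and VLAN 999 is a hypothetical restricted VLAN.

```text
# users file fragment (added example; assumes the ldap module is set up
# for AD group lookups, which is what makes Ldap-Group available here).
#
# Check items go on the first line, reply items on the indented lines.
# The three Tunnel-* reply attributes are the standard 802.1X dynamic
# VLAN assignment set (RFC 3580).

# Members of ADGROUP1 are placed on VLAN 111.
DEFAULT Ldap-Group == "ADGROUP1"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "111"

# Members of ADGROUP2 are placed on VLAN 222.
# Entries are matched top to bottom and processing stops at the first
# match (no Fall-Through), so a user in both groups gets VLAN 111.
# Order the entries so the intended group wins.
DEFAULT Ldap-Group == "ADGROUP2"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "222"

# Authenticated users in neither group: without this entry they would
# receive no VLAN attributes and land on whatever VLAN the access point
# or switch port defaults to. Make that outcome explicit instead.
# VLAN 999 is a hypothetical restricted VLAN, not from the thread.
DEFAULT
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "999"
```

Running the server in debug mode (`radiusd -X`) while testing with `radtest` shows which entry matched and whether the Tunnel-* attributes appear in the Access-Accept.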
