Il 23/01/2012 14:48, Arnaud Loonstra ha scritto:
> But I reckon you could also do something like that in post-auth section
> if (Ldap-Group == "cn=mygroup,ou=groups,o=radius") {
> update reply {
> Tunnel-type = VLAN
> Tunnel-medium-type = IEEE-802
> Tunnel-Private-Group-Id = 1
> }
> }
I think it could be possible to do the same using exec, a script and
wbinfo... Just still don't know how.
With
for T in $(wbinfo --user-domgroups `wbinfo -n <ADusername>`) ; do
wbinfo -s $T;
done
I can get all AD groups <ADusername> is into. Checking group membership
would be even easier. But how do I set Tunnel-Private-Group-Id from an
exec-ed script?
BYtE,
Diego.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
