RE: Dynamic VLANs based on AD group membership

[Daniel Baumann]

Follow-up question (sorry I'm new this): I'm currently authenticating
users with FreeRadius against an AD database (PEAP-MS-CHAPv2). Would I
still have to use the ldap module to get a user's AD group membership?

Thanks, 
Daniel

-Original Message-
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of Ivan Kalik
Sent: Tuesday, July 08, 2008 03:34 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLANs based on AD group membership

>How do I configure FreeRADIUS to "read" the AD group membership
>attribute, 

See group membeship section in ldap module configuration.

>and how do I then pass the matching VLAN-ID back to the
>switch?

Your switch documentation should tell you that. You normally use
Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id attributes.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dynamic VLANs based on AD group membership

[Daniel Baumann]

Does anyone have a FreeRADIUS server handing out dynamic VLANs based on
group membership in AD to a HP 2800 series switch that's configured for
802.1X? 
How do I configure FreeRADIUS to "read" the AD group membership
attribute, and how do I then pass the matching VLAN-ID back to the
switch? 

Daniel

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html