Re: Dynamic VLANs based on AD group membership

2008-07-08 Thread Ivan Kalik
> How do I configure FreeRADIUS to read the AD group membership
> attribute,

See group membership section in ldap module configuration.

> and how do I then pass the matching VLAN-ID back to the
> switch?

Your switch documentation should tell you that. You normally use
Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id attributes.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
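
The reply above names the three attributes a switch expects for VLAN assignment. The sketch below is an added example, not code from the thread or from FreeRADIUS: it maps group DNs to a VLAN and shows the attribute bytes (RFC 2868 encoding, RFC 3580 values) you would see in a packet capture of the Access-Accept. The group DNs, VLAN numbers and function names are constructed for illustration; in a real deployment the ldap module does the group lookup and the server does the encoding.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and the values RFC 3580 uses for VLANs.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

# Constructed sample policy. First match wins, so list order is priority order.
GROUP_TO_VLAN = [
    ("cn=netadmins,ou=groups,dc=example,dc=com", 10),
    ("cn=staff,ou=groups,dc=example,dc=com", 20),
]


def vlan_for(member_of):
    """Return the VLAN for the first policy group the user belongs to, else None."""
    # Directory DNs compare case-insensitively, so normalise before matching.
    groups = {dn.strip().lower() for dn in member_of}
    for dn, vlan in GROUP_TO_VLAN:
        if dn in groups:
            return vlan
    return None


def vlan_reply_attributes(vlan_id):
    """Encode the three untagged tunnel attributes as they appear on the wire."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1-4094")
    # Tunnel-Type / Tunnel-Medium-Type: type, length 6, tag 0 (unused), 3-byte value.
    t_type = struct.pack("!BBB", TUNNEL_TYPE, 6, 0) + VLAN.to_bytes(3, "big")
    t_medium = struct.pack("!BBB", TUNNEL_MEDIUM_TYPE, 6, 0) + IEEE_802.to_bytes(3, "big")
    # Tunnel-Private-Group-Id: VLAN ID as an ASCII string. No tag byte is sent;
    # a first byte above 0x1F (any digit) is read as string data per RFC 2868.
    value = str(vlan_id).encode("ascii")
    t_group = struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(value)) + value
    return t_type + t_medium + t_group


def reply_for(member_of):
    """No matching group means no VLAN attributes, so the port's default applies."""
    vlan = vlan_for(member_of)
    return b"" if vlan is None else vlan_reply_attributes(vlan)


if __name__ == "__main__":
    user_groups = ["CN=Staff,OU=Groups,DC=example,DC=com"]  # constructed memberOf value
    print(reply_for(user_groups).hex())
```

Because a user who matches no group gets no tunnel attributes, the VLAN configured on the switch port decides where that user lands, so that default should be a restricted one.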


RE: Dynamic VLANs based on AD group membership

2008-07-08 Thread Daniel Baumann
Follow-up question (sorry I'm new to this): I'm currently authenticating
users with FreeRadius against an AD database (PEAP-MS-CHAPv2). Would I
still have to use the ldap module to get a user's AD group membership?

Thanks, 
Daniel

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ivan Kalik
Sent: Tuesday, July 08, 2008 03:34 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLANs based on AD group membership

> How do I configure FreeRADIUS to read the AD group membership
> attribute,

See group membership section in ldap module configuration.

> and how do I then pass the matching VLAN-ID back to the
> switch?

Your switch documentation should tell you that. You normally use
Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id attributes.

Ivan Kalik
Kalik Informatika ISP



Re: Dynamic VLANs based on AD group membership

2008-07-08 Thread Alan DeKok
Daniel Baumann wrote:
> Follow-up question (sorry I'm new to this): I'm currently authenticating
> users with FreeRadius against an AD database (PEAP-MS-CHAPv2). Would I
> still have to use the ldap module to get a user's AD group membership?

  Yes.  There is no other way to get the AD group membership.

  See the AD documentation.  If it says there's another way to get AD
group membership, you can use that.  Otherwise, use the method which IS
documented: ldap queries.

  Alan DeKok.