FreeRADIUS primary LDAP gid per client
How to allow only certain primary LDAP groups on certain access points with FreeRADIUS and tunneled EAP sessions.
The client is known to the outer (default) session, but the gid is only known to the inner (inner-tunnel) session.
->add new dictionary entries
ATTRIBUTE williGID 3000 integer
ATTRIBUTE williAllowedGID 3001 integer
->add list of allowed gids in hints
DEFAULT NAS-IP-Address == 192.168.72.3
	williAllowedGID = 1003,
	williAllowedGID += 101
->get gid assigned in ldap module
control:williGID := 'gidNumber'
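->check it in the authorize section of inner-tunnel
# only enforce the check when the outer request carries an allow list
if (&outer.request:williAllowedGID) {
	# [*] compares against every williAllowedGID value
	if (&outer.request:williAllowedGID[*] == &control:williGID) {
		noop
	}
	else {
		reject
	}
}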
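
The decision made by the steps above, modelled in Python as an added example (not FreeRADIUS code and not part of the original page). The hints sample is constructed, `parse_hints` and `decide` are hypothetical helper names, and a user without a gid is assumed to fail the comparison.

```python
import re

# Constructed sample in the hints format shown above (second NAS is made up).
HINTS = """\
DEFAULT NAS-IP-Address == 192.168.72.3
\twilliAllowedGID = 1003,
\twilliAllowedGID += 101

DEFAULT NAS-IP-Address == 192.168.72.4
\twilliAllowedGID = 2000
"""

def parse_hints(text):
    """Return {nas_ip: [allowed gids]} from hints-style entries."""
    allowed, nas = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            # Unindented line: check items, starts a new entry.
            m = re.search(r"NAS-IP-Address\s*==\s*([^\s,]+)", line)
            nas = m.group(1) if m else None
        elif nas:
            # Indented line: attribute added to the outer request.
            m = re.match(r"\s*williAllowedGID\s*[:+]?=\s*(\d+)", line)
            if m:
                allowed.setdefault(nas, []).append(int(m.group(1)))
    return allowed

def decide(allowed, nas_ip, user_gid):
    """Mirror the inner-tunnel check: 'noop' lets the request continue."""
    gids = allowed.get(nas_ip)
    if not gids:
        return "noop"    # no williAllowedGID in outer request: check skipped
    if user_gid is not None and user_gid in gids:
        return "noop"    # [*] comparison: any listed gid may match
    return "reject"      # wrong gid, or no gid (assumed to compare false)

if __name__ == "__main__":
    table = parse_hints(HINTS)
    for nas, gid in [("192.168.72.3", 101), ("192.168.72.3", 2000),
                     ("192.168.72.3", None), ("192.168.72.9", 2000)]:
        print(f"{nas:14} gid={gid!s:5} -> {decide(table, nas, gid)}")
```

The last row is the case to watch: an access point that has no entry in hints is unrestricted, so every NAS that needs the restriction has to be listed.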