I have IAS running on Windows Server 2K3 with a WLC 4400 controlling several APs. What I would like to accomplish is this:
WLAN 1 - For normal domain users, radius profile set to match on Windows Group Domain Users.
WLAN 2 - For Executives, radius profile set to match on Windows Group ExecutiveWIreless.
All members of ExecutiveWireless are also Domain Users. I want to make certain that membership in the ExecutiveWireless group supercedes membership in the Domain Users group. I thought about adding a VSA for WLAN-ID, but that does not look like it can be used in the authentication process, only after authentication has occured.
Any help would be greatly appreciated.