Help checking group membership with FreeRadius

Josh Hiner josh at remc1.org
Mon Mar 23 16:22:22 CET 2009


Currently we have a radius server that performs authentication off our samba domain controller for wireless users. This works great. I would like to limit users so they must be a member of the wireless group in order to connect. Since the /etc/group file is on a different server I believe I cannot use the etc_group module. Also, in order to use that module the user must have a valid account on the radius server as well.

Any ideas on checking group membership? I use ntlm_auth in the mschap module for authentication in Freeradius ver 2.1.3-1.

Here is the string in the users file to limit to the wireless group (it's all on one line, email may wrap it):
DEFAULT        Called-Station-Id =~ "CCISD-REMC1", Group != "wireless", Auth-Type := Reject

Here is my ntlm_auth line:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=ISD --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

thanks for any help =D


*** This Email was sent by a system administrator in  REMC #1.


