Using Groups to Limit Authentication to Network Devices

prashant.siemens at prashant.siemens at
Sat Mar 27 05:14:23 CET 2010

Hi Friend,

  I am new to Free radius server but I have worked on windows base RADIUS

  As I understood your requirement that u wanted to authenticate only
switches & PDU, on basis of group belongs.

  For this below are some logic steps that could help you out.

 1. Switches & PDu request should go to radius, for this you can try 802.1x
configuration to redirect authentication to wards radius.
 2. U should have radius configuration for authentication mechanism

    In this basis validity (e.g mac, name) & pl check while request coming
towards radius should have an infortion abt grup details.
for group in radius server should be connected to LDAP server where groups
are configure. Also auth. mechanism for radius should contain check for
"device belongs to which group"
3. client should have same configuration done for security, as the policies
are set on radius server.

On Fri, Mar 26, 2010 at 7:30 PM, Doug Warner <doug at> wrote:

> I'm trying to setup freeradius to authenticate users via LDAP but pull
> group
> information via MySQL.  I currently only need radius for authentication to
> network devices (switches, PDUs, etc) but want to make sure I set it up so
> that I don't shoot myself in the foot later.
> In trying to get the correct attributes assigned to a group I've noticed
> that
> I need to set Fall-Through on each group that a user belongs to in order to
> have later groups evaluated.  Is there a better way that I can say
> something
> like, "this client should check for access from these groups" so that I
> only
> need to set Fall-Through on certain groups instead of all?
> -Doug
> -
> List info/subscribe/unsubscribe? See

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list