Authenticate to AD but only allow certain group

Matt Zagrabelny mzagrabe at d.umn.edu
Mon Feb 3 22:47:22 CET 2014


On Mon, Feb 3, 2014 at 3:33 PM, Brian C. Huffman
<bhuffman at etinternational.com> wrote:
> Which file and section should this go in?

I use FR from the Debian packages, so I am not exactly sure where your
installed configs are. Here is where I would put it:

/etc/freeradius/sites-available/default

in the post-auth section:

post-auth {
    if ((Packet-Src-IP == 1.2.3.4) && !(LDAP-Group == "allowed-for-wireless)) {
        reject
    }

.
.
.
.
}

-mz


More information about the Freeradius-Users mailing list