returning user and primary group (or any other ldap attribute) with radius response

Thomas Schweikle tschweikle at gmail.com
Wed Aug 10 10:51:09 CEST 2016 

Hmmmmmmmm???

2016-08-10 10:18 GMT+02:00 Alan DeKok <aland at deployingradius.com>:
> On Aug 10, 2016, at 10:14 AM, Thomas Schweikle <tschweikle at gmail.com> wrote:
>> After searching for long with google, or in the manuals, i was not
>> able to find any cookbook recipe to advice freeradius to respond with
>> username and primary group for an authenticated user.

The username and primary group or any other ldap provided attribute
for the given user.

>   Probably because you can't normally do group assignments via RADIUS.

I do not mean group assignments via radius (I did not state this). I
mean returning the primary group or any other ldap attribute together
with Access-Accept.

>> The access-point needs this to sort out users into guest or internal
>> networks. So how can I set up freeradius to return username and
>> primary group (or any other ldap attribute) with the OK-response?
>
>   Your access point documentation should say which attributes it needs in the Access-Accept.

These are vague. At least the users username is quested. A group the
user belongs to would be nice too. And maybe further informations ...

>   Then... configure FreeRADIUS to send those attributes.

And ... how is this done?????
Any hints? -- I was searching around for some days now and could not
find anything working. A lot of information, but nothing changing the
servers response. Any recipe what to do to make the server add
something like the username as a point to start with and experiment on
how the routers and access-points want these informations.

>   Since you're not saying what the access point actually needs, any answer is necessarily vague.
>   Provide better information, and you'll get a better answer.

???

I thought I was clear: what do I have to do to make freeradius add at
least a username to Access-Accept.
What do I have to do to make freeradius add the users primary group to
Access-Accept.
What do I have to do to add what ever group the user is in to Access-Accept.
And maybe on what do I have to do to make freeradius add whatever ldap
attribute from the users attributes to Access-Accept.

-- 
Thomas

More information about the Freeradius-Users mailing list