returning user and primary group (or any other ldap attribute) with radius response
tschweikle at gmail.com
Wed Aug 10 10:51:09 CEST 2016
2016-08-10 10:18 GMT+02:00 Alan DeKok <aland at deployingradius.com>:
> On Aug 10, 2016, at 10:14 AM, Thomas Schweikle <tschweikle at gmail.com> wrote:
>> After searching for long with google, or in the manuals, i was not
>> able to find any cookbook recipe to advice freeradius to respond with
>> username and primary group for an authenticated user.
The username and primary group or any other ldap provided attribute
for the given user.
> Probably because you can't normally do group assignments via RADIUS.
I do not mean group assignments via radius (I did not state this). I
mean returning the primary group or any other ldap attribute together
>> The access-point needs this to sort out users into guest or internal
>> networks. So how can I set up freeradius to return username and
>> primary group (or any other ldap attribute) with the OK-response?
> Your access point documentation should say which attributes it needs in the Access-Accept.
These are vague. At least the users username is quested. A group the
user belongs to would be nice too. And maybe further informations ...
> Then... configure FreeRADIUS to send those attributes.
And ... how is this done?????
Any hints? -- I was searching around for some days now and could not
find anything working. A lot of information, but nothing changing the
servers response. Any recipe what to do to make the server add
something like the username as a point to start with and experiment on
how the routers and access-points want these informations.
> Since you're not saying what the access point actually needs, any answer is necessarily vague.
> Provide better information, and you'll get a better answer.
I thought I was clear: what do I have to do to make freeradius add at
least a username to Access-Accept.
What do I have to do to make freeradius add the users primary group to
What do I have to do to add what ever group the user is in to Access-Accept.
And maybe on what do I have to do to make freeradius add whatever ldap
attribute from the users attributes to Access-Accept.
More information about the Freeradius-Users