Return User Groups in Class field

Christian Salway christian.salway at
Wed Nov 14 14:26:03 CET 2018

I use strongSwan to authenticate against FreeRadius which it does successfully but now I need FreeRadius to return the users groups in the Class field so strongSwan can check the User belongs to a group [1].

I've managed to work out how to add extra fields to the response by putting an update reply in the file /etc/raddb/sites-available/default

post-auth {
   update reply {
       Class = "%{Ldap-Group}"
Is that the place to put it??

but as you can see below, the Class is null.

(3) Sent Access-Accept Id 223 from to length 0
(3)   MS-MPPE-Encryption-Policy = Encryption-Allowed
(3)   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(3)   MS-MPPE-Send-Key = 0x316216f0c4d55abb0cb8c2c741cad90c
(3)   MS-MPPE-Recv-Key = 0x1ec76bc2958017969cbc3d67e716d4a4
(3)   EAP-Message = 0x03030004
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   User-Name = "christian.salway"
(3)   Class = 0x
(3) Finished request
How can I return the Users Active Directory groups in the Class field?

[1] <>

More information about the Freeradius-Users mailing list