Hi Alex Am 15.08.2019 um 14:13 schrieb Alex Jordaan: [...]
This worked fine.
I am now trying to configure the system to only allow authentication if a user belongs to a specific group on AD
Below is my config that I added to the /etc/raddb/sites-enabled/default file in the post-auth section ----- ----- snip ----- ----- # Post-Authentication # Once we KNOW that the user has been authenticated, there are # additional steps we can take. post-auth { if (Group == "Store_WiFi_Access") { noop } else { reject
See: https://wiki.freeradius.org/modules/Rlm_ldap#group-support TL;DR: Use LDAP-Group instead. And for the full documentation as provided by NetworkRADIUS, also check out: https://networkradius.com/doc/current/raddb/mods-available/ldap.html If you have configure mods-available/ldap correctly you'd see it being loaded in the debug log output. Please remember that the list information mentions that when you provide debug log output, that you should provide all of it. (You snipped parts away) See: http://lists.freeradius.org/mailman/listinfo/freeradius-users -- Mathieu