Thanks for answer Alan I did change the variable to the following Etc_group module file passwd radius_group { filename = /etc/freeradius/radius-groups format = "Radius1-Group:::*,User-Name" hashsize = 50 ignorenislike = yes allowmultiplekeys = yes delimiter = ":" } Added the following to dictionary file ATTRIBUTE Radius1-Group 3003 string Changed the users file DEFAULT NAS-IP-Address == 172.31.254.4, Radius1-Group == "wcs-superadmin" Cisco-AVPair += 'Wireless-WCS:role0=SuperUsers' DEFAULT NAS-IP-Address == 172.31.254.4, Radius1-Group == "wcs-monitors" Cisco-AVPair += 'Wireless-WCS:task0=Users and Groups' And still the debug looks the same Radius1-Group is getting set to the correct "group-name" but the +files returns noop [kmdov3] Added crypt-Password: 'crypt-password' to config_items Thu Jul 15 10:47:45 2010 : Info: ++[kmdov3] returns ok Thu Jul 15 10:47:45 2010 : Info: [radius_group] Added Radius1-Group: 'wcs-monitors' to config_items Thu Jul 15 10:47:45 2010 : Info: ++[radius_group] returns ok Thu Jul 15 10:47:45 2010 : Info: ++[chap] returns noop Thu Jul 15 10:47:45 2010 : Info: ++[mschap] returns noop Thu Jul 15 10:47:45 2010 : Info: [suffix] No '@' in User-Name = "jmd", looking up realm NULL Thu Jul 15 10:47:45 2010 : Info: [suffix] No such realm "NULL" Thu Jul 15 10:47:45 2010 : Info: ++[suffix] returns noop Thu Jul 15 10:47:45 2010 : Info: [eap] No EAP-Message, not doing EAP Thu Jul 15 10:47:45 2010 : Info: ++[eap] returns noop Thu Jul 15 10:47:45 2010 : Info: ++[files] returns noop Thu Jul 15 10:47:45 2010 : Info: ++[expiration] returns noop Thu Jul 15 10:47:45 2010 : Info: ++[logintime] returns noop Thu Jul 15 10:47:45 2010 : Info: ++[pap] returns updated Thu Jul 15 10:47:45 2010 : Info: Found Auth-Type = PAP Thu Jul 15 10:47:45 2010 : Info: +- entering group PAP {...} Thu Jul 15 10:47:45 2010 : Info: [pap] login attempt with password "password" Thu Jul 15 10:47:45 2010 : Info: [pap] Using CRYPT encryption. Thu Jul 15 10:47:45 2010 : Info: [pap] User authenticated successfully Thu Jul 15 10:47:45 2010 : Info: ++[pap] returns ok Thu Jul 15 10:47:45 2010 : Info: +- entering group post-auth {...} Thu Jul 15 10:47:45 2010 : Info: ++[exec] returns noop Sending Access-Accept of id 216 to 127.0.0.1 port 33716 Does it looks like I'm missing something somewhere ? Best regards Jan Madsen -----Oprindelig meddelelse----- Fra: freeradius-users-bounces+jmd=kmd.dk@lists.freeradius.org [mailto:freeradius-users-bounces+jmd=kmd.dk@lists.freeradius.org] På vegne af Alan DeKok Sendt: 15. juli 2010 10:30 Til: FreeRadius users mailing list Emne: Re: Getting groups to work, from a group file Madsen.Jan JMD wrote:
I want to check a group file for witch group a user is member off, and after that send specific commands back to the radius client, on behalf of witch group the client is a member of.
I can’t get freeradius to do the correct check on my Group variable in my users file, and I can’t figure out what I’m missig or what I’m doing wrong.
The "Group" and "Group-Name" attributes have pre-defined meanings. Don't use them,.
I have done the following ... format = "Group:::*,User-Name"
No. See raddb/modules/etc_group for a *working* example of a group configuration. See "man rlm_passwd" for more documentation on the same subject. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________________________________________________________________________________________ KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR-nr. 26911745 KMD er medlem af IT-Branchen og Dansk Erhverv samt anmeldt til Datatilsynet som edb-servicevirksomhed. KMD er certificeret i henhold til ISO 9001:2000, med Dansk Standard som certificerende organ og er desuden Microsoft Gold Certified Partner og Certificeret SAP Hosting Center. www.kmd.dk www.kundenet.kmd.dk www.organisator.dk www.kmdinternational.com Hvis du har modtaget denne e-mail ved en fejl, bedes du venligst give mig besked herom og slette den. If you received this e-mail by mistake, please notify me and delete it. Thank you. __________________________________________________________________________________________ KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, CVR-nr. 26911745 KMD er medlem af IT-Branchen og Dansk Erhverv samt anmeldt til Datatilsynet som edb-servicevirksomhed. KMD er certificeret i henhold til ISO 9001:2000, med Dansk Standard som certificerende organ og er desuden Microsoft Gold Certified Partner og Certificeret SAP Hosting Center. www.kmd.dk www.kundenet.kmd.dk www.organisator.dk www.kmdinternational.com Hvis du har modtaget denne e-mail ved en fejl, bedes du venligst give mig besked herom og slette den. If you received this e-mail by mistake, please notify me and delete it. Thank you.