Local groups in FreeRadius ?

Phil Mayers p.mayers at imperial.ac.uk
Mon Aug 28 18:45:11 CEST 2006

Ami Schieber wrote:
> "man users" doesn't show me anything I find related to users file of 
> FreeRadius :
>        users - print the user names of users currently logged in to the 
> current host

Try "man 5 users". Man page names are only unique within section 
numbers. Alternatively, "man -a users" will show you all the pages 
calles users from each section in turn.

You want to read and understand "man 5 users" carefully else you'll get 
nowhere with FreeRadius. Additionally I'd point out since you didn't 
know how to use "man" properly, you might need to check a basic primer 
on unix else your time with FreeRadius will be EXTREMELY frustrating.

You said you had tried:

Ami          User-Password == "ami123"
                 Service-Type = Framed-User,
                 Framed-Protocol = PPP,
                 Fall-Through = Yes

FIGrp        Auth-Type := Local, MyGroup-Name := FIGrp
                 Reply-Message = "Hello from Group FIGrp, %u"

DEFAULT Pool-Name := main_pool, Auth-Type := Local
                 Fall-Through = Yes

...which is virtually all wrong. You want:

Ami	User-Password := "ami123"
	Fall-Through = yes

DEFAULT	MyGroup-Name == "FIGrp"
	Reply-Message = "Hello from group FIGrp",
	Fall-Through = yes

DEFAULT	Pool-Name := main_pool

With the server properly configured, you should not need to set 
Auth-Type and will ALMOST CERTAINLY break things if you do. You don't 
use == to compare passwords, but use := to *set* the server-side copy. 
You don't use := to compare, you use ==, and group names never go on the 
left-hand-side - either usernames or DEFAULT.

Hope that helps

More information about the Freeradius-Users mailing list