Grouping after Kerberos 5 authentication accepted?

Jason Chan jchan2 at
Fri Apr 20 15:07:11 CEST 2007

Hello Alan,

It works! After I changed the authorize_check_query, FreeRadius is
now able to check for attributes after Kerberos authentication. Thanks!


-----Original Message-----
From: Alan DeKok [mailto:aland at] 
Sent: Thursday, April 19, 2007 8:13 PM
To: jchan2 at; FreeRadius users mailing list
Subject: Re: Grouping after Kerberos 5 authentication accepted?

Jason Chan wrote:
> For example, Kerberos successfully authenticates admin/admin (yes I 
> don't use MySQL for authentication), and FreeRadius knows this user 
> has permission to access. Now, in the postauth part, FreeRadius 
> searches the radreply table in its MySQL database for the proper 
> attributes that this particular user has, say Service-Type = 
> Administrative-User. I store these attribute information in radreply 
> table and leave other tables empty.
> So, I edited the postauth_query in sql.conf:

  I think for historical reasons, you have to perform the query in the
authorize section.

  Alan DeKok.
