Non Ldap Group members being rejected

tnt at tnt at
Sun Feb 8 15:16:03 CET 2009

>At present I am using AD groups to assign roles to my users
>and rejecting users who are not members of the defined groups.
>    This is being done via the users file which looks like this:
>#If you are not in either group, no access is allowed
>#FreeRADIUS 2.1
>#These are the groups we are checking for Lunar Building staff
>DEFAULT         Ldap-Group == "lunar-staff"
>                Aruba-User-Role = "employee"
>DEFAULT         Ldap-Group == "lunar-member"
>                Aruba-User-Role = "member"
>DEFAULT         Ldap-group != "lunar-staff", Auth-Type := Reject
>DEFAULT         Ldap-group != "lunar-member", Auth-Type := Reject
>I now want to also include guest users whose credentials are in
>a MySQL database, what statement do I need to include in my users file
>to also allow the guest users to authenticate, since my current config
>allows only the Ldap Groups. I did have SQL working before I added the
>reject statements.

Add all SQL users to group guests. Then add before reject statements:

DEFAULT         SQL-Group == "guests"

and perhaps Aruba-User-Role = "guest".

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list