Courier/smtp authentication

Philley Kalisha Mandiza philleyk at
Tue Nov 2 06:40:12 CET 2010

I have just installed freeradius on debian 5. I run a mail server with 
combination of postifix,courier and sqwebmail. I want to authenticate mail users 
through freeradius, i dont know how to go about it. can anyone assit.



From: Hugh Blandford <hugh at>
To: FreeRadius users mailing list <freeradius-users at>
Sent: Tue, November 2, 2010 7:16:21 AM
Subject: Re: LDAP Groups

Thank you Peter for your email.  I hadn't come across them in the list search.

On 2/11/2010 14:16, Alan DeKok wrote:
> Hugh Blandford wrote:
>> would mean you could add the attribute radiusGroupName to a user's entry
>> and it would then look up the relevant GroupofNames and add those
>> attributes to the return items.  However, when I add radiusGroupName to
>> a user's entry I don't see any groupname lookups in the debug at all.
>    No.  The documentation does not say it works that way.
When using the following sort of DEFAULT entry:

Ldap-Group == flat10000, User-Profile := 

there is no relevance to

groupmembership_attribute = radiusGroupName

Reading the rlm_ldap document.  I thought that the groupmembership_attribute was 
specified in the user entry which was then used to fetch the group information.

#      groupmembership_attribute: The attribute in the user entry that states
#      the group the user belongs to.  The attribute can either contain the
#      group name or the group DN. If it contains the group DN
#      groupmembership_attribute will also be used to find the group's name.
#      The attribute will be used after a search based on the
#      groupname_attribute and groupmembership_filter has failed.  default:
#      NULL - don't search for a group based on attributes in the user entry.

Alan I'm not saying you are wrong :-) more I don't understand under what 
circumstances / how it is used.

I do not see any group searching done in the debugs unless I specify an 
LDAP-Group entry in the users file.

I thought that with groupmembership_attribute = radiusGroupName set and an entry 

radiusGroupName = disabled or cn=disabled,ou=............. etc in a user entry 
it would return additional attributes listed in the disabled group.
>> What I actually want to do is might not be solved best by LDAP groups.
>> Most of our customers are in different VRFs and this, the loopback
>> address and DNS servers etc are returned.  Rather than store this
>> information under each user I would like to have template that I refer
>> to.  However, at the same time, having 50+ default entries didn't seem
>> the right way to do it either.
>    That's what groups are for.

Is it sensible to have 50 or so DEFAULT LDAP-Group entries?  Or does that show 
that I have totally failed in understanding what/how FreeRADIUS should be used.

Thanks for your help.


-- Hugh Blandford
Island Internet
ph 1300 130 428
mb 0412 016 875

List info/subscribe/unsubscribe? See

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list