freeRadius/LDAP per NAS access

Alexander Clouter alex at
Mon Mar 7 23:14:04 CET 2011

Guy <guy at> wrote:
> I now have FreeRadius granting access and using LDAP for username and 
> password information.
> My next challenge, using the same Radius and LDAP server I would like 
> to grant different users access via different NAS clients.
> eg in LDAP I would have:
> uid=guy
> services: VPN
> services: WiFi
> If I have the "services: VPN" then I would be allowed to connect to 
> the VPN server and if I don't have that entry in my LDIF then it would 
> not be allowed to access.
> Any ideas on how to do this, simply?
..."Dear Lazyweb" eh?  You should really *attempt* to try, or show you 
have attempted something,

Now use "%{client:keyword}" in your LDAP xlat search query...

To be honest though, your approach *abuses* LDAP, you should be adding 
them to a *group*, not bloating-up and overloading the user object; 
otherwise you might as well use something horrible like SQL...


Alexander Clouter
.sigmonster says: A woman can never be too rich or too thin.

More information about the Freeradius-Users mailing list