Authorization with Active Directory

suggestme samanaupadhyay at
Wed Jan 4 14:45:37 CET 2012

I modified the LDAP module configuration as you suggested:

filter = "(&(extensionAttribute10=%{control:Tmp-String-0})

Also I did change in authorize section of my configuration of "default" and
"inner-tunnel" files; But I got confused with the conditional part: if
(Some-Condition == Some-Value). I don't know where this should be defined or
supplied while doing user testing using radtest.
where should this condition be defined or passed?

After configuration changes, I run server in debug mode as *radiusd -X*; and
run *radtest username password localhost 0 testing123* which just supplies
username and password; where to supply extension attribute value check
during radtest or where should condition be defined. OR how server knows to
check extension attribute for the username and password supplied during
radtest? Can you please make me clear?
In extensionAttribute10 of my active directory I have just put the values
for Wifi and VPN to test.

The configuration modification I have done as you suggested as:

#Not sure of if (Some-Condition == Some-Value) part so; tried putting if
(value == 0) which didn't work

*if (Some-Condition == Some-Value)* {
  update control{
    Tmp-String-0 := Wifi
   update control{
    Tmp-String-0 := VPN

I am really sorry if this is the simple question.
Thanks for the reply

View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list