How to return Filter-ID attribute value for the users in Active Directory?

Phil Mayers p.mayers at
Wed Jan 18 16:18:40 CET 2012

On 18/01/12 14:55, suggestme IT wrote:
> DEFAULT Ldap-Group == "Staff"
> Filter-ID := "Enterasys:version=1:policy=staff",
> Fall-Through = No
> But, How to do same like this for the users in Active Directory; How to
> return the Filter-ID attribute value if there is no group configured in
> Active Directory; there is just users listings who can be authenticated
> and authorized using the passwords provided.
> The main point is: I don't have any Group configured as Ldap-Group for
> staff or admin or for different types of users in Active Directory.

Do you want to return the same filter group for everyone?

If so, do this:

	Filter-Id := "value"

...or better, in the virtual server config:

post-auth {
   update reply {
     Filter-Id := "value"

If you want to return a different filter for different users, you will 
obviously need some kind of lookup table from user->filter. That will 
need to live somewhere.

More information about the Freeradius-Users mailing list