authorization based on ldap attribute

Stefano Zanmarchi zanmarchi at
Wed Sep 19 18:03:11 CEST 2012

I've configured freeradius to authenticate users with PEAP, using
openldap to store NTLM hashes. It works fine.
Now I'd like to authorize only people who have the ldap attribute
"haDirittoEduroam" set to Y
(or the other way round: not to authorize users with
"haDirittoEduroam" set to N).
Below is an example openldap entry.
Is there an easy way to achieve this?

 dn: uid=uto.ughi at,dc=myorg,dc=it
 objectClass: sambaSamAccount
 objectClass: inetOrgPerson
 objectClass: person
 objectClass: dirittoEduroam
 cn: Uto
 sn: Ughi
 uid: uto.ughi at
 haDirittoEduroam: N
 sambaSID: 121212
 userPassword: {SSHA}EnK9jqiVGSPNi6EQwpqdpjThBJHtZ1fi
 sambaNTPassword: 2B466E3D3FB6AA4BF8AAAFEF8F59F6F3
 sambaLMPassword: E52CAC67419A9A224300941ECC02054C

thanks a lot for your help,
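
The two rules in the question (accept only "Y", or reject only "N") give different results for an entry that has no haDirittoEduroam attribute at all. The following is an added example, not part of the original post and not FreeRADIUS configuration: it models both decisions over constructed LDIF entries, and the function names and sample users are assumptions made for illustration.

```python
# Added example: models the authorization decision only; not FreeRADIUS config.
ATTR = "haDirittoEduroam"  # attribute name taken from the post

# Constructed sample entries (LDIF); password hashes omitted on purpose.
SAMPLE_LDIF = """\
dn: uid=allowed,dc=example,dc=org
objectClass: dirittoEduroam
uid: allowed
haDirittoEduroam: Y

dn: uid=denied,dc=example,dc=org
objectClass: dirittoEduroam
uid: denied
hadirittoeduroam: N

dn: uid=unset,dc=example,dc=org
objectClass: inetOrgPerson
uid: unset
"""

def parse_ldif(text):
    """Return {uid: {lowercased attribute name: [values]}} for simple LDIF.
    Handles plain 'name: value' lines only (no base64 '::', no line folding)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                # LDAP attribute names are case-insensitive, so normalise them.
                attrs.setdefault(name.lower(), []).append(value.strip())
        uid = attrs.get("uid", [None])[0]
        if uid is not None:
            entries[uid] = attrs
    return entries

def allow_only_y(attrs):
    """Fail closed: accept only when the attribute has the single value 'Y'."""
    return attrs.get(ATTR.lower(), []) == ["Y"]

def reject_only_n(attrs):
    """Fail open: accept unless a value is 'N' (an absent attribute passes)."""
    return "N" not in attrs.get(ATTR.lower(), [])

def decisions(text=SAMPLE_LDIF):
    """Map uid -> (allow_only_y, reject_only_n) so the rules can be compared."""
    return {u: (allow_only_y(a), reject_only_n(a)) for u, a in parse_ldif(text).items()}
```

For the constructed user "unset", the first rule denies access and the second grants it, so the choice between them decides what happens to accounts that were never given the attribute.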
