Authenticate to AD but only allow certain group

Matt Zagrabelny mzagrabe at
Mon Feb 3 22:47:22 CET 2014

On Mon, Feb 3, 2014 at 3:33 PM, Brian C. Huffman
<bhuffman at> wrote:
> Which file and section should this go in?

I use FR from the Debian packages, so I am not exactly sure where your
installed configs are. Here is where I would put it:


in the post-auth section:

post-auth {
    if ((Packet-Src-IP == && !(LDAP-Group == "allowed-for-wireless)) {



More information about the Freeradius-Users mailing list