Setting ntlm_auth parameters depending on NAS-IP-Address

Stefan Paetow Stefan.Paetow at
Wed May 7 10:23:40 CEST 2014

What's the error message when you try to run radiusd -X? 

Without the debug output, no-one knows what your condition was that you inserted, or where you inserted it, or what the error message is.


-----Original Message-----
From: at [ at] On Behalf Of Antoine Benkemoun
Sent: 07 May 2014 08:28
To: freeradius-users at
Subject: Setting ntlm_auth parameters depending on NAS-IP-Address


We currently have a Freeradius server version 2.1.12 used to authenticate our Wifi users against our Active Directory server. The link between Freeradius and the Active Directory is done by Winbind. In order for the user to be able to obtain authorization, it needs to be belong to a group in the Active Directory. This is done by adding an argument to the ntlm_auth command and it works great so far.

We are now adding 802.1X to our cabled networks and would like to re-use the existing Radius server to authenticate against the same Active Directory. Everything will be the same except the authorization will need to be based on whether the user belongs to a different one than that of the Wifi networks.

I have browsed the Freeradius documentation as much as possible and have seen that it is possible to use conditionnals and variables. My plan  therefore was to put a variable in the ntlm_auth command that would contain the group SID (as suggested on this mailing-list : The group SID would be dependent on the IP of the network device which should be contained in "NAS-IP-Address".

This should just be a case of writing a simple conditionnal statement and setting a variable. Nonetheless, I have not been able to do this as Freeradius will not start every time I try to add a conditional to the configuration files. I have tried doing it in the "default" site and a few other places.

How would I go about doing this ? Where would I put the conditional and how would I write it ?

Thank you in advance for your help,


List info/subscribe/unsubscribe? See

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

More information about the Freeradius-Users mailing list