Authenticating users on LDAP based on Group name

Alan DeKok aland at
Tue Apr 21 15:44:53 CEST 2015

On Apr 21, 2015, at 12:07 AM, Jose Torres-Berrocal <jetsystemservices at> wrote:
> I noticed that my problem is that when using group options I get authorized
> successfully but does not get authenticated (Using Compare Check Items = No
> results in Access-Accept). When not using group options I get authorized
> and authenticated successfully.

  So... what does the debug output say?  You posted the configuration files, which aren't necessary, and don't help.

> Is there a way to do a two pass process?  If I could run the first pass
> without group options and the second pass if authenticated run with group
> options, I will get my desired result.

  The correct solution is to fix your policies.  They're wrong now.  It's best to understand *why* they're wrong, and fix the problem.

> By the way I found how to run in debug mode in pfsense and do some custome
> changes in the Users.conf file.

  Then post the debug output here.

  Alan DeKok.

More information about the Freeradius-Users mailing list