returning user and primary group (or any other ldap attribute) with radius response

Alan DeKok aland at
Wed Aug 10 10:18:42 CEST 2016

On Aug 10, 2016, at 10:14 AM, Thomas Schweikle <tschweikle at> wrote:
> After searching for long with google, or in the manuals, i was not
> able to find any cookbook recipe to advice freeradius to respond with
> username and primary group for an authenticated user.

  Probably because you can't normally do group assignments via RADIUS.

> The access-point needs this to sort out users into guest or internal
> networks. So how can I set up freeradius to return username and
> primary group (or any other ldap attribute) with the OK-response?

  Your access point documentation should say which attributes it needs in the Access-Accept.

  Then... configure FreeRADIUS to send those attributes.

  Since you're not saying what the access point actually needs, any answer is necessarily vague.  Provide better information, and you'll get a better answer.

  Alan DeKok.

More information about the Freeradius-Users mailing list