Active directory integration and grant access base on AD group membership

Luc Paulin paulinster at
Tue Feb 14 17:57:14 CET 2017

Thanx Matthew,
I already had a look at that url but look like it doesn't work. must be
something I am not doing right .. but unsure what ..

I have create a huntgroup which look like this ..

wireless         NAS-IP-Address ==

and my users file only has the following line in it ..

DEFAULT    Ldap-Group == "admin-galaxie", Huntgroup-Name == "wireless"

So my understand is that users that aren't member of the wireless-users
group shouldn't be granted access to the wireless network/device. But that
isn't what happenning .. everyone is granted access

I have attach my radiusd -x log output

                       ( o o )
   Luc Paulin
   email: paulinster(at)
   Skype: paulinster

2017-02-14 11:33 GMT-05:00 Matthew Newton <mcn4 at>:

> On Tue, Feb 14, 2017 at 11:23:33AM -0500, Luc Paulin wrote:
> > Now I would like grant system access base on group membership from active
> > directory. How can this be done. I have tried by configuring the users
> and
> > huntgroup files, but look like it grant access to everyone if
> > username/password is good.
> Have a look at group support in rlm_ldap.
> Matthew
> --
> Matthew Newton, Ph.D. <mcn4 at>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> For IT help contact helpdesk extn. 2253, <ithelp at>
> -
> List info/subscribe/unsubscribe? See
> list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-log
Type: application/octet-stream
Size: 51562 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list