freeradius filter ldap groups

Alan DeKok aland at
Mon Apr 23 14:20:30 CEST 2018

On Apr 23, 2018, at 8:04 AM, Juliano <julianosilva at> wrote:
> I'm having trouble setting an authentication rule on freeradius. To better
> contextualize my environment, I would like to explain that I have only one
> freeradius server, one ldap server and two wireless networks (WEB-USERS and
> WEB-ADMIN). It is also important to remember that each wifi network is
> associated with a vlan, it´s 500 and 501 and your sub network
> and, respectively

  That's standard.

> I need is that users of the users-wifi group only connect to the WEB-USERS
> network and users of the other group, called admin-wifi, can only connect to
> the WEB-ADMIN network.

  That's also standard.

> I read that in the [...] / sites-enabled / default / file there is a section
> called post-auth, in which I can do this filter. However I don´t haved
> succeed with this filters. I would like your help in this situation.

Q:  "I tried stuff and it didn't work.  What did I do wrong?"

A: We have no idea, because you didn't tell us what you did.

  Ask good questions:

  Then, type "ldap" into the search box on the wiki.  Click on the first link you find.  Read the documentation on "group".

  Much of what you need to do is documented.

  Alan DeKok.

More information about the Freeradius-Users mailing list