AD group Auth

Mathieu Simon (Lists) matsimon.lists at simweb.ch
Thu Aug 15 14:51:40 CEST 2019


Hi Alex

On 15.08.2019 at 14:13, Alex Jordaan wrote:
[...]
> 
> This worked fine.
> 
> I am now trying to configure the system to only allow authentication if a
> user belongs to a specific group on AD
> 
> Below is my config that I added to the /etc/raddb/sites-enabled/default
> file in the post-auth section
> ----- ----- snip ----- -----
> #  Post-Authentication
> #  Once we KNOW that the user has been authenticated, there are
> #  additional steps we can take.
> post-auth {
>         if (Group == "Store_WiFi_Access") {
>           noop
>         }
>         else {
>           reject
See: https://wiki.freeradius.org/modules/Rlm_ldap#group-support
TL;DR: Use LDAP-Group instead.

And for the full documentation as provided by NetworkRADIUS, also check
out:
https://networkradius.com/doc/current/raddb/mods-available/ldap.html

If you have configured mods-available/ldap correctly you'd see it being
loaded in the debug log output. Please remember that the list
information mentions that when you provide debug log output, that you
should provide all of it. (You snipped parts away)

See: http://lists.freeradius.org/mailman/listinfo/freeradius-users

-- Mathieu
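
A configuration sketch of the LDAP-Group suggestion above, added here as an illustration and not taken from either poster's server. It assumes FreeRADIUS 3.x with the ldap module enabled under its default instance name `ldap`, and an AD schema where users carry `memberOf`; the base DN is a placeholder.

```conf
# --- /etc/raddb/mods-available/ldap -------------------------------------
# This group { } block goes inside the existing ldap { } module block.
# Values below are assumptions for an Active Directory backend.
group {
        # Placeholder: replace with the container that holds your groups.
        base_dn = "DC=example,DC=org"

        # AD group objects use objectClass "group".
        filter = '(objectClass=group)'

        # Attribute holding the group name that LDAP-Group is compared to.
        name_attribute = cn

        # AD lists a user's groups on the user object itself.
        membership_attribute = 'memberOf'
}

# --- /etc/raddb/sites-enabled/default -----------------------------------
post-auth {
        # Before: "Group" is the Unix group check (local system groups),
        # so an AD group name does not match and the request is rejected.
        #
        #   if (Group == "Store_WiFi_Access") {

        # After: LDAP-Group makes the ldap module look up membership.
        if (LDAP-Group == "Store_WiFi_Access") {
                noop
        }
        else {
                # Default deny: anyone outside the group is rejected,
                # including when the group lookup returns no match.
                reject
        }
}
```

Run the server with `radiusd -X` and confirm that the ldap module is loaded and that the LDAP-Group comparison appears in the post-auth section of the debug output.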

