How to restrict authorization to members of FreeIPA group

Kees Bakker keesb at
Tue Jul 9 15:01:34 CEST 2019


I'm very new to FreeRADIUS and I'm quite confused about the configuration.

We have a Cisco for VPN and we have FreeIPA for the user administration.
What I want is to only allow users in a FreeIPA group to connect to the VPN.
Notice that, as far as FreeRADIUS is concerned, FreeIPA is just an LDAP

So far I am able to connect the radius server to our FreeIPA server. Using
the radtest command I can see that authentication works. (I'm not sure
about authorization, though.)

The Cisco is configured and FreeIPA users can connect to the VPN. However, I
haven't figured out how to restrict VPN to only users from a specific group.

Which configuration file do I need to adapt? Where should I be looking?
