FreeRADIUS - Google LDAP - Error in debug mode - Regarding

Alan DeKok aland at
Mon Oct 25 15:32:23 CEST 2021

On O
> Regarding the certificates...
> In the above link there is a good description about the certificates. It is
> a good guide for the beginners...

  That file comes with the server... see /etc/raddb/certs, or /etc/freeradius/3.0/certs/ on debian systems.  There's no need to search the net for it.

  i.e. if you're editing the certs in the raddb/certs directory, that directory contains a README.

> But I failed to identify the documentation for the LDAP based user group
> restrictions to set the maximum connection, bandwidth limitation,download
> and upload limits (per user group of LDAP)

  There is no documentation which is "do exactly what I want".  We document how the server works.  It's up to you to put the pieces together.

  The short answer is that you can edit sites-enabled/default, and look for the post-auth section.  Then, edit it to add checks for the ldap group:

	if (LDAP-Group == "foo") {

  What goes inside of the "if" section is whatever you want to do when the group matches.  In this case, "update reply".

  There is tons of documentation and examples on how to send reply attributes back.

  If you're looking for *specific* attributes for your NAS, then please read the NAS documentation.  There's 1000 NAS vendors, each of whom have 1000 different models.  We don't document all of that.  Instead, the NAS vendor does.

  The NAS documentation will tell you which attributes to send back to do download/upload limits, etc.  All you need to do then is to configure FreeRADIUS with those attributes.

  Alan DeKok.

More information about the Freeradius-Users mailing list