Granting varied levels of NAS permission based on LDAP group membership

Marco Gaiarin gaio at
Sun Apr 24 15:30:24 UTC 2022

Hello! Nick Porter
  On that day it was said...

> There is a caveat (down to Active Directory behaviour), the user's 
> primary group is not returned with either technique, and equally, nested 
> groups which the user's primary group is a member of will not be 
> returned.  That's just how Active Directory chooses to present group 
> membership in LDAP queries.

...but consider that in AD the default policy is to add users to the 'Domain
Users' group:

so if you keep 'Domain Users' as the default group and use only other groups for
membership ''filter'' (in a loose sense), you are OK...

  To err is human, but to really make a mess
  you need the root password				(Zio Budda)
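
The check implied by this exchange, as an added example that is not part of the original thread: it derives a user's primary group SID from `objectSid` and `primaryGroupID` and reports any policy group that a `memberOf`-based lookup would miss. The group DN, RIDs, domain SID and user entries are constructed sample values; 513 is the well-known RID of 'Domain Users'.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-5-21-... string form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")           # 6 bytes, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])  # little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def primary_group_sid(entry: dict) -> str:
    """Primary group SID = the user's domain SID plus the primaryGroupID RID."""
    domain_sid = sid_to_str(entry["objectSid"]).rsplit("-", 1)[0]
    return "%s-%d" % (domain_sid, entry["primaryGroupID"])

def visible_policy_groups(entry: dict, policy: dict) -> list:
    """Policy groups that a memberOf-based check sees for this user."""
    return [dn for dn in policy if dn in entry["memberOf"]]

def hidden_policy_group(entry: dict, policy: dict):
    """Policy group the user holds only as primary group (absent from memberOf)."""
    pg_sid = primary_group_sid(entry)
    for dn, sid in policy.items():
        if sid == pg_sid and dn not in entry["memberOf"]:
            return dn
    return None

# --- constructed sample data (hypothetical domain, group and users) ---
def _sid(rid: int) -> bytes:
    subs = (21, 1111111111, 2222222222, 3333333333, rid)
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<5I", *subs)

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ADMINS = "CN=nas-admins,OU=Groups,DC=example,DC=org"
POLICY = {ADMINS: DOMAIN + "-1105"}            # group DN -> group SID
# alice keeps 'Domain Users' (513) as primary group: the filter group is visible
ALICE = {"objectSid": _sid(2001), "primaryGroupID": 513, "memberOf": [ADMINS]}
# bob's primary group was changed to the filter group: memberOf no longer shows it
BOB = {"objectSid": _sid(2002), "primaryGroupID": 1105,
       "memberOf": ["CN=Domain Users,CN=Users,DC=example,DC=org"]}

if __name__ == "__main__":
    for name, entry in (("alice", ALICE), ("bob", BOB)):
        print(name, "visible:", visible_policy_groups(entry, POLICY),
              "hidden:", hidden_policy_group(entry, POLICY))
```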
