FreeRadius Group Membership not working



  • Good morning

    I’m looking into setting up the group membership option in freeradius ldap. I have PfSense V2.3.1

    I’ve set up the general options and everything works. I can query our AD for users. Now I want only users who are in a certain group to be queried.
    Attached I have my general options. The query in filter is:

    (|(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) (mail=%{%{Stripped-User-Name}:-%{User-Name}}))

    But no matter what I set up in group membership it never finds a user. Only when I disable “Compare Check Item” it works. But then it works with almost all users.
    I set the Groupmembership Attribute to my group name, the rest I left with the default options.
    I’m starting to think it is because of my query in the general options. Could this be? Or do you have any other suggestions as to what I have to do?

    Thanks

    ![general settings.JPG](/public/imported_attachments/1/general settings.JPG)



  • Still seems to be a bug in the freeradius implementation of LDAP-Authorize.
    See my post here: https://forum.pfsense.org/index.php?topic=82209.msg566789#msg566789
    and this: https://forum.pfsense.org/index.php?topic=43675.msg515428#msg515428

