User authentication and radius group attribute



  • Hi,

    I am running FreeRadius with a MySQL backend and am trying to configure pfSense GUI authentication.  When I test the authentication it works fine, but the resulting display shows no group membership.  I have added the admins group to my MySQL usergroup database but I believe Radius is not returning the right attribute.

    What Radius attribute does pfSense expect to list the user group list?

    Thanks,
    Scott


  • Rebel Alliance Developer Netgate

    It expects a semicolon-separated list to be returned in the "Class" reply attribute.

    Like this:

    Class := "admins;VPNUsers"
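
One way to produce that reply from the MySQL backend described in the question, as an added example that is not part of the original thread. It assumes the stock FreeRADIUS MySQL schema (`radusergroup` and `radreply` tables with the columns named in the comments); the account name `scott` is a constructed sample.

```sql
-- Added example. Assumes the stock FreeRADIUS MySQL schema:
--   radusergroup(username, groupname, priority)
--   radreply(username, attribute, op, value)
-- Older schemas name the membership table `usergroup`; adjust if so.

START TRANSACTION;

-- Remove previously generated Class rows so the rebuild is repeatable.
-- Assumption: Class is not used for anything else in radreply.
DELETE FROM radreply WHERE attribute = 'Class';

-- Build one Class reply item per user: the user's groups joined with ';',
-- matching the form  Class := "admins;VPNUsers".
-- The IN list keeps the reply limited to groups the firewall is meant
-- to act on, rather than exporting every RADIUS group the user is in.
INSERT INTO radreply (username, attribute, op, value)
SELECT username,
       'Class',
       ':=',
       GROUP_CONCAT(DISTINCT groupname ORDER BY groupname SEPARATOR ';')
FROM radusergroup
WHERE groupname IN ('admins', 'VPNUsers')
GROUP BY username;

COMMIT;

-- Check what will be returned for one account (constructed sample user).
SELECT username, attribute, op, value
FROM radreply
WHERE username = 'scott' AND attribute = 'Class';
```

Membership rows in `radusergroup` alone do not put anything in the Access-Accept; the group list only reaches the client once it exists as a reply item like the one generated here.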
    


  • Many thanks for that.  Problem solved.

    I did hunt around for an answer and couldn't find one - is this documented?  If not, can I update something to help others?

    Regards,
    Scott


  • Rebel Alliance Developer Netgate

    It's in a few places. The book, a few of the release notes around when the release was added… I think it's in the freeradius docs somewhere.



  • I must have old books.  Neither my Packt FreeRadius book (2011) nor pfSense -TDG (2009) mentions the Class attribute.  I'll check the release notes - perhaps the feature was added after those books were published.

    Do regular users have write access to the Wiki?  I'm happy to create a page.

    Thanks,
    Scott


  • Rebel Alliance Developer Netgate

    Correct. It was after both of those books. It is in the current book you can get via pfSense Gold.

