User authentication and radius group attribute
-
Hi,
I am running FreeRadius with a MySQL backend and am trying to configure pfSense GUI authentication. When I test the authentication it works fine, but the resulting display shows no group membership. I have added the admins group to my MySQL usergroup database but I believe Radius is not returning the right attribute.
What Radius attribute does pfSense expect to list the user group list?
Thanks,
Scott
-
It expects a semicolon-separated list to be returned in the "Class" reply attribute.
Like this:
Class := "admins;VPNUsers"
-
Many thanks for that. Problem solved.
I did hunt around for an answer and couldn't find one - is this documented? If not, can I update something to help others?
Regards,
Scott
-
It's in a few places. The book, a few of the release notes around when the release was added… I think it's in the freeradius docs somewhere.
-
I must have old books. Neither my Packt FreeRadius book (2011) nor pfSense -TDG (2009) mentions the Class attribute. I'll check the release notes - perhaps the feature was added after those books were published.
Do regular users have write access to the Wiki? I'm happy to create a page.
Thanks,
Scott
-
Correct. It was after both of those books. It is in the current book you can get via pfSense Gold.
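-
One way to produce the Class reply described above from a MySQL backend, as an added example that is not part of the thread. It assumes FreeRADIUS's stock MySQL schema (the table and column names radusergroup and radreply are assumptions; adjust them to your schema), and the user name is a constructed sample.

```sql
-- Assumed tables (FreeRADIUS stock MySQL schema, not taken from the thread):
--   radusergroup(username, groupname, priority)
--   radreply(username, attribute, op, value)

-- Constructed sample memberships; omit on a live database.
INSERT INTO radusergroup (username, groupname, priority) VALUES
  ('example_user', 'admins',   1),
  ('example_user', 'VPNUsers', 2);

-- 1. A group name containing ';' would be read as two separate groups
--    once it is joined into the Class value. List any such names first.
SELECT DISTINCT groupname
FROM radusergroup
WHERE groupname LIKE '%;%';

-- 2. A RADIUS attribute value holds at most 253 octets. List users whose
--    joined group list (names plus separators) would not fit.
SELECT username,
       SUM(LENGTH(groupname)) + COUNT(*) - 1 AS class_bytes
FROM radusergroup
GROUP BY username
HAVING class_bytes > 253;

-- 3. Rebuild one Class reply per user as a semicolon-separated list.
--    This deletes every existing Class reply row; narrow the DELETE
--    if Class is also used for something else in your deployment.
START TRANSACTION;
DELETE FROM radreply WHERE attribute = 'Class';
INSERT INTO radreply (username, attribute, op, value)
SELECT username, 'Class', ':=',
       GROUP_CONCAT(groupname ORDER BY priority, groupname SEPARATOR ';')
FROM radusergroup
WHERE groupname NOT LIKE '%;%'
GROUP BY username;
COMMIT;

-- 4. Review who will be reported as a member of the admins group,
--    since that membership controls GUI access.
SELECT username
FROM radusergroup
WHERE groupname = 'admins'
ORDER BY username;
```

Rerun step 3 whenever group memberships change, because the Class value is a copy of radusergroup and does not update on its own.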