Hello,
Using ClearOS Home, but since no support subscription I ask my questions here and hope someone can help.
At the moment it seems that every user account on the system can log in to our enterprise wifi (utilising the radius server auth) no matter what group membership they have. How can we configure so that only users with a specific group membership (named "radius_user" for instance) will be allowed to authenticate through radius?
I cannot find any options for this through the web GUI so I will probably need to edit a config-file somewhere, but I have the impression that this is fairly easy to set up. (fingers crossed)
Thank you!
Using ClearOS Home, but since no support subscription I ask my questions here and hope someone can help.
At the moment it seems that every user account on the system can log in to our enterprise wifi (utilising the radius server auth) no matter what group membership they have. How can we configure so that only users with a specific group membership (named "radius_user" for instance) will be allowed to authenticate through radius?
I cannot find any options for this through the web GUI so I will probably need to edit a config-file somewhere, but I have the impression that this is fairly easy to set up. (fingers crossed)
Thank you!
Share this post:
Accepted Answer
Thanks for your reply, Nick
Got it working now, we just changed the required group in /etc/raddb/clearos-users:
Works like a charm!
Btw: I see you replying to loads of threads on the forum (almost only you, not many others are active). Are you employed at clearfoundation or any related company, or are you just very helpful? :-)
Got it working now, we just changed the required group in /etc/raddb/clearos-users:
DEFAULT LDAP-Group != "CUSTOMGROUP", Auth-Type := Reject
Works like a charm!
Btw: I see you replying to loads of threads on the forum (almost only you, not many others are active). Are you employed at clearfoundation or any related company, or are you just very helpful? :-)
Responses (3)
-
Accepted Answer
Nick Howitt wrote:
I used to just be helpful and did it as a hobby. I became employed by Clearcenter 4 years ago (IIRC) and all the recent issues are from when they terminated my contract at the end of January. That termination has now been reversed.
Years ago the forum was very active, but activity has fallen right off and very few users now help other users. It is a pity.
Ok, cool! Congrats, you seem to be the main guy holding this forum together so its great that they reversed it.
Would be great if the forum came back to life again with more active users. For us, without a support-subscription, every issue has been solved by plowing through endless linux-resources and forums to see what could possibly work. And that will often lead to additional issues because of how different ClearOS is set up compared to whatever other linux distros is out there. Even for CentOS. -
Accepted Answer
Dag Ove Hoel wrote:
I used to just be helpful and did it as a hobby. I became employed by Clearcenter 4 years ago (IIRC) and all the recent issues are from when they terminated my contract at the end of January. That termination has now been reversed.
Btw: I see you replying to loads of threads on the forum (almost only you, not many others are active). Are you employed at clearfoundation or any related company, or are you just very helpful? :-)
Years ago the forum was very active, but activity has fallen right off and very few users now help other users. It is a pity. -
Accepted Answer
This may sound odd, but when I last looked at it, the Radius installation was so broken (compared to its design intent) that it actually works, but only to validate AP access. Anything else is a manual config. I do have some notes about how to get it back to design intent if I can find them.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »