Forums

Resolved
0 votes
Hello,
Using ClearOS Home, but since no support subscription I ask my questions here and hope someone can help.

At the moment it seems that every user account on the system can log in to our enterprise wifi (utilising the radius server auth) no matter what group membership they have. How can we configure so that only users with a specific group membership (named "radius_user" for instance) will be allowed to authenticate through radius?

I cannot find any options for this through the web GUI so I will probably need to edit a config-file somewhere, but I have the impression that this is fairly easy to set up. (fingers crossed)

Thank you!
Tuesday, February 15 2022, 02:43 PM
Share this post:

Accepted Answer

Thursday, March 17 2022, 03:32 PM - #Permalink
Resolved
0 votes
Thanks for your reply, Nick
Got it working now, we just changed the required group in /etc/raddb/clearos-users:

DEFAULT LDAP-Group != "CUSTOMGROUP", Auth-Type := Reject


Works like a charm!

Btw: I see you replying to loads of threads on the forum (almost only you, not many others are active). Are you employed at clearfoundation or any related company, or are you just very helpful? :-)
The reply is currently minimized Show
Responses (3)
  • Accepted Answer

    Thursday, March 17 2022, 11:28 AM - #Permalink
    Resolved
    0 votes
    This may sound odd, but when I last looked at it, the Radius installation was so broken (compared to its design intent) that it actually works, but only to validate AP access. Anything else is a manual config. I do have some notes about how to get it back to design intent if I can find them.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 17 2022, 03:45 PM - #Permalink
    Resolved
    0 votes
    Dag Ove Hoel wrote:
    Btw: I see you replying to loads of threads on the forum (almost only you, not many others are active). Are you employed at clearfoundation or any related company, or are you just very helpful? :-)
    I used to just be helpful and did it as a hobby. I became employed by Clearcenter 4 years ago (IIRC) and all the recent issues are from when they terminated my contract at the end of January. That termination has now been reversed.

    Years ago the forum was very active, but activity has fallen right off and very few users now help other users. It is a pity.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 17 2022, 03:58 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:
    I used to just be helpful and did it as a hobby. I became employed by Clearcenter 4 years ago (IIRC) and all the recent issues are from when they terminated my contract at the end of January. That termination has now been reversed.

    Years ago the forum was very active, but activity has fallen right off and very few users now help other users. It is a pity.


    Ok, cool! Congrats, you seem to be the main guy holding this forum together so its great that they reversed it.

    Would be great if the forum came back to life again with more active users. For us, without a support-subscription, every issue has been solved by plowing through endless linux-resources and forums to see what could possibly work. And that will often lead to additional issues because of how different ClearOS is set up compared to whatever other linux distros is out there. Even for CentOS.
    The reply is currently minimized Show
Your Reply