Users

Importing users

GreenRADIUS imports users from different LDAP servers:

  1. Active Directory
  2. OpenLDAP (there is also an onboard OpenLDAP which can be used as the user store)
  3. 389 DS
  4. FreeIPA

The LDAP server must remain reachable for GreenRADIUS to work, as authentication requests to GreenRADIUS involve a subsidiary request to the LDAP server.

LDAP configuration is found under the Directory Server tab.

LDAP configuration

Set the IP address/hostname/FQDN to point to a running LDAP server. The credentials must have the correct permission(s) to allow GreenRADIUS to log into the LDAP server and fetch (read) the user list.

Complete the additional fields to import users from your Active Directory or OpenLDAP. Note the following:

  • For the "Login Name Identifier"
    • For Active Directory, sAMAccountName is common, but other identifiers can also be used
    • For OpenLDAP, use uid
  • For the "Filter" field, consider importing users from a specific security group. An example filter string would be: (&(objectClass=person)(memberOf=CN=test_group,OU=Technology,DC=domain,DC=local)) Otherwise, to import all users, the filter string should be: (&(objectCategory=person)(objectClass=user))
  • The "Set Frequency" drop-down menu sets the scheduled frequency that GreenRADIUS will import/update users from your directory server

Next, click "Save and Import" to import the users into the selected domain.

The Users Tab

When a domain has been selected, the Users/Groups tab displays a list of users:

Users tab

From here you can perform administrative actions at the user level. These are covered in more detail in subsequent sections.

Groups

Group membership can be configured to be returned in the RADIUS response for each login attempt.

  1. Navigate to the Global Configuration tab > Client-based Authentication Policies screen of the RADIUS client you want to configure
  2. Check the checkbox for "Return User's Group Membership in RADIUS Response"
  3. Select "Class," "Filter-ID," or the specific VSA the RADIUS client requires
  4. Click the "Configure" link, and prioritize which group(s) should be returned in the RADIUS response
  5. The group(s) with the highest priority to which the user belongs will be returned in the RADIUS response. This can be tested in the RADIUS test of the Troubleshoot tab

Group Membership Configuration

  • A group setting of "0" means the group is not prioritized
  • A group setting of "1" is the highest priority
  • A group setting of "2" is the next highest priority, and so on

Group Membership Troubleshoot Test

Web Analytics Made Easy - StatCounter

Updated 2026-02-21
© 2026 Green Rocket Security Inc. All rights reserved.