FreeRadius does not pay attention to local groups
Freeradius should be aware of which groups a freeradius defined user is assigned to in the local groups to the system. This can be useful for my related issue https://redmine.pfsense.org/issues/13547
Updated by Mikael * about 2 months ago
Sorry, I may been unclear on the actual issue Jim. I'm referring to this piece of code for
getUserGroups : https://github.com/pfsense/pfsense/blob/5dbc71189c34ca845dc4451ca0bf5934f30bf59a/src/etc/inc/auth.inc#L1961
if RADIUS is the authentication type (which it is because I'm using FreeRadius as a plugin for authentication backend to pfSense on which the systems allows me to-do) it tries to get groups from the radius server (which makes sense) but there are no groups defined so it returns an empty response. See authentication diagnose: https://github.com/pfsense/pfsense/blob/8f2f85c3d79f70dbde4332930ff81dd56c767e25/src/usr/local/www/diag_authentication.php#L52
I think that when using FreeRadius as an authentication backend local to the system it should also pay attention to groups defined locally to the system and return it. The reason behind this logic is that I can create a local group and assign the proper web-gui permission and then assign a local user to the group. When I authenticate to the web-gui using freeradius as authentication backend it will match the client username to the local username which inherits permissions from the group assigned to the local user - this already happens today.