From viktu at rectorat.url.edu Fri Jun 10 08:34:03 2022
From: viktu at rectorat.url.edu (Víktu Pons i Colomer)
Date: Fri, 10 Jun 2022 08:34:03 +0000
Subject: [RADIATOR] Read LDAP attributes

Hi all,

I am trying to configure the Radiator server to set a VLAN per user.
I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.

Now I am trying to perform the authentication by LSA as well, but using LDAP2 to read an attribute where we have the user's VLAN.

But I am facing an issue: if I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager attribute, nothing appears in the logs and the configuration is ignored.
I attach the configuration below.

Any ideas? Thanks!

<AuthBy LSA>
    Identifier LSA_Staff
    EAPType MSCHAP-V2
    AutoMPPEKeys
    UsernameMatchesWithoutRealm
    NoDefault
</AuthBy>

<AuthBy LDAP2>
    Identifier LDAP_AD
    Host -
    Port -
    AuthDN -
    AuthPassword -
    UsernameAttr sAMAccountName
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
    NoEAP
    NoDefault
</AuthBy>

<AuthBy GROUP>
    Identifier Auth_Staff
    AuthByPolicy ContinueUntilRejectOrChallenge
    AuthBy LSA_Staff
    AuthBy LDAP_AD
    AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
</AuthBy>

--------------------------
Viktu Pons i Colomer
--------------------------


From hugh at open.com.au Fri Jun 10 08:48:45 2022
From: hugh at open.com.au (Hugh Irvine)
Date: Fri, 10 Jun 2022 18:48:45 +1000
Subject: [RADIATOR] Read LDAP attributes
Message-ID: <2B1D78A8-3952-4C57-9E8D-58D9259B261E@open.com.au>

Hello Viktu -

Can you please send us a Trace 4 debug showing what is happening?

thanks and regards

Hugh

> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer wrote:
>
> Hi all,
>
> I am trying to configure the Radiator server to set a VLAN per user.
> I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
>
> Now I am trying to perform the authentication by LSA as well, but using LDAP2 to read an attribute where we have the user's VLAN.
>
> But I am facing an issue: if I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager attribute, nothing appears in the logs and the configuration is ignored.
> I attach the configuration below.
>
> Any ideas? Thanks!
>
> <AuthBy LSA>
>     Identifier LSA_Staff
>     EAPType MSCHAP-V2
>     AutoMPPEKeys
>     UsernameMatchesWithoutRealm
>     NoDefault
> </AuthBy>
>
> <AuthBy LDAP2>
>     Identifier LDAP_AD
>     Host -
>     Port -
>     AuthDN -
>     AuthPassword -
>     UsernameAttr sAMAccountName
>     AuthAttrDef pager,Tunnel-Private-Group-ID,reply
>     # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
>     NoEAP
>     NoDefault
> </AuthBy>
>
> <AuthBy GROUP>
>     Identifier Auth_Staff
>     AuthByPolicy ContinueUntilRejectOrChallenge
>     AuthBy LSA_Staff
>     AuthBy LDAP_AD
>     AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
> </AuthBy>
>
> --------------------------
> Viktu Pons i Colomer
> --------------------------
>
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> https://lists.open.com.au/mailman/listinfo/radiator

--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.


From hugh at open.com.au Fri Jun 10 08:50:36 2022
From: hugh at open.com.au (Hugh Irvine)
Date: Fri, 10 Jun 2022 18:50:36 +1000
Subject: [RADIATOR] Read LDAP attributes
In-Reply-To: <2B1D78A8-3952-4C57-9E8D-58D9259B261E@open.com.au>
References: <2B1D78A8-3952-4C57-9E8D-58D9259B261E@open.com.au>
Message-ID: <103E0499-C7A2-4BBE-A681-0913767B3006@open.com.au>

Hi again -

Further to this, you might need to specify a SearchFilter to retrieve the correct attribute.

regards

Hugh

> On 10 Jun 2022, at 18:48, Hugh Irvine wrote:
>
> Hello Viktu -
>
> Can you please send us a Trace 4 debug showing what is happening?
>
> thanks and regards
>
> Hugh
>
>> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer wrote:
>>
>> Hi all,
>>
>> I am trying to configure the Radiator server to set a VLAN per user.
>> I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
>>
>> Now I am trying to perform the authentication by LSA as well, but using LDAP2 to read an attribute where we have the user's VLAN.
>>
>> But I am facing an issue: if I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager attribute, nothing appears in the logs and the configuration is ignored.
>> I attach the configuration below.
>>
>> Any ideas? Thanks!
>>
>> <AuthBy LSA>
>>     Identifier LSA_Staff
>>     EAPType MSCHAP-V2
>>     AutoMPPEKeys
>>     UsernameMatchesWithoutRealm
>>     NoDefault
>> </AuthBy>
>>
>> <AuthBy LDAP2>
>>     Identifier LDAP_AD
>>     Host -
>>     Port -
>>     AuthDN -
>>     AuthPassword -
>>     UsernameAttr sAMAccountName
>>     AuthAttrDef pager,Tunnel-Private-Group-ID,reply
>>     # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
>>     NoEAP
>>     NoDefault
>> </AuthBy>
>>
>> <AuthBy GROUP>
>>     Identifier Auth_Staff
>>     AuthByPolicy ContinueUntilRejectOrChallenge
>>     AuthBy LSA_Staff
>>     AuthBy LDAP_AD
>>     AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
>> </AuthBy>
>>
>> --------------------------
>> Viktu Pons i Colomer
>> --------------------------

--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.


From viktu at rectorat.url.edu Fri Jun 10 16:00:51 2022
From: viktu at rectorat.url.edu (Víktu Pons i Colomer)
Date: Fri, 10 Jun 2022 16:00:51 +0000
Subject: [RADIATOR] Read LDAP attributes
In-Reply-To: <103E0499-C7A2-4BBE-A681-0913767B3006@open.com.au>
References: <2B1D78A8-3952-4C57-9E8D-58D9259B261E@open.com.au> <103E0499-C7A2-4BBE-A681-0913767B3006@open.com.au>

Hello,

Thank you for your reply.

I didn't know how to do the SearchFilter, so I finally made the LDAP connection without the Global Catalog, and it found the Pager attribute for me.

<AuthBy LDAP2>
    Identifier LDAP_AD_TEST
    Host ***
    Port 389
    AuthDN cn=***
    AuthPassword ***
    BaseDN ***
    UsernameAttr sAMAccountName
    SearchFilter (%0=%1)
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    NoEAP
    NoDefault
</AuthBy>

Now I will try to make the connection with LDAPS to secure the connection.

Thanks again,

Best regards.

--------------------------
Viktu Pons i Colomer
--------------------------

-----Original Message-----
From: Hugh Irvine
Sent: Friday, 10 June 2022 10:51
To: Víktu Pons i Colomer
Cc: radiator at lists.open.com.au
Subject: Re: [RADIATOR] Read LDAP attributes

Hi again -

Further to this, you might need to specify a SearchFilter to retrieve the correct attribute.

regards

Hugh

> On 10 Jun 2022, at 18:48, Hugh Irvine wrote:
>
> Hello Viktu -
>
> Can you please send us a Trace 4 debug showing what is happening?
>
> thanks and regards
>
> Hugh
>
>> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer wrote:
>>
>> Hi all,
>>
>> I am trying to configure the Radiator server to set a VLAN per user.
>> I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
>>
>> Now I am trying to perform the authentication by LSA as well, but using LDAP2 to read an attribute where we have the user's VLAN.
>>
>> But I am facing an issue: if I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager attribute, nothing appears in the logs and the configuration is ignored.
>> I attach the configuration below.
>>
>> Any ideas? Thanks!
>>
>> <AuthBy LSA>
>>     Identifier LSA_Staff
>>     EAPType MSCHAP-V2
>>     AutoMPPEKeys
>>     UsernameMatchesWithoutRealm
>>     NoDefault
>> </AuthBy>
>>
>> <AuthBy LDAP2>
>>     Identifier LDAP_AD
>>     Host -
>>     Port -
>>     AuthDN -
>>     AuthPassword -
>>     UsernameAttr sAMAccountName
>>     AuthAttrDef pager,Tunnel-Private-Group-ID,reply
>>     # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
>>     NoEAP
>>     NoDefault
>> </AuthBy>
>>
>> <AuthBy GROUP>
>>     Identifier Auth_Staff
>>     AuthByPolicy ContinueUntilRejectOrChallenge
>>     AuthBy LSA_Staff
>>     AuthBy LDAP_AD
>>     AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
>> </AuthBy>
>>
>> --------------------------
>> Viktu Pons i Colomer
>> --------------------------
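The lookup the thread ends up with, as an added example that is neither Radiator's own code nor from the posters: SearchFilter expansion with the `%0`/`%1` placeholders, the `AuthAttrDef ...,reply` mapping, and the `AddToReplyIfNotExist` defaults, run offline against a constructed directory and a constructed Global Catalog view that lacks `pager`, which reproduces the "attribute never appears" symptom. The entries, VLAN numbers, the assumed GC attribute set and the RFC 4515 escaping of the username are all assumptions of the example.

```python
# Added example (not from the thread or from Radiator): models the per-user VLAN
# lookup the thread configures, so the SearchFilter and AuthAttrDef behaviour can
# be checked offline. Entries, VLAN numbers and the GC attribute set are constructed.
import re

USERNAME_ATTR = "sAMAccountName"
SEARCH_FILTER = "(%0=%1)"                       # %0 = UsernameAttr, %1 = username
AUTH_ATTR_DEFS = [("pager", "Tunnel-Private-Group-ID", "reply")]
REPLY_DEFAULTS = {"Tunnel-Type": "0:VLAN", "Tunnel-Medium-Type": "0:Ether_802"}

# Constructed directory: full entries, as a domain controller on port 389 returns them.
DIRECTORY = [
    {"sAMAccountName": "alice", "telephoneNumber": "+34 900 000 001", "pager": "120"},
    {"sAMAccountName": "bob",   "telephoneNumber": "+34 900 000 002", "pager": "130"},
]
# Assumed Global Catalog replica: only a partial attribute set is replicated, and
# 'pager' is assumed to be outside it (constructed to mirror the thread's symptom).
GC_PARTIAL_ATTRS = {"sAMAccountName", "telephoneNumber"}
GC_VIEW = [{k: v for k, v in e.items() if k in GC_PARTIAL_ATTRS} for e in DIRECTORY]

def ldap_escape(value):
    """RFC 4515 escaping: the username arrives in the RADIUS request and is
    interpolated into the filter, so filter metacharacters are neutralised."""
    return re.sub(r"[*()\\\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def find_entry(view, username):
    """Expand SearchFilter and evaluate the resulting equality match against the view."""
    expanded = SEARCH_FILTER.replace("%0", USERNAME_ATTR).replace("%1", ldap_escape(username))
    m = re.fullmatch(r"\((\w+)=(.*)\)", expanded)
    if not m:
        return None
    attr, wanted = m.group(1), m.group(2)
    return next((e for e in view if ldap_escape(e.get(attr, "")) == wanted), None)

def build_reply(view, username):
    """Apply the AuthAttrDef 'reply' mappings, then the AddToReplyIfNotExist defaults."""
    entry = find_entry(view, username)
    if entry is None:
        return None                             # user not found: no reply items
    reply = {}
    for ldap_attr, radius_attr, kind in AUTH_ATTR_DEFS:
        if kind == "reply" and ldap_attr in entry:
            reply[radius_attr] = entry[ldap_attr]
    for k, v in REPLY_DEFAULTS.items():
        reply.setdefault(k, v)                  # only added when not already present
    return reply
```

Against the full directory the reply carries the VLAN from `pager`; against the GC view the same user is found but the reply holds only the two defaults, which is the silent outcome Viktu described.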
From patrik.forsberg at globalconnect.se Thu Jun 30 08:47:46 2022
From: patrik.forsberg at globalconnect.se (Patrik Forsberg)
Date: Thu, 30 Jun 2022 08:47:46 +0000
Subject: [RADIATOR] LogTraceId error in LogFILE.pm

Hello,

During troubleshooting I enabled "LogTraceId" and "AutoClass uuid" in Handler. After this I get "Use of uninitialized value $trace_id in concatenation (.) or string at /opt/radiator/radiator/Radius/LogFILE.pm line 93." when doing kill USR1/USR2.
(The same log shows up without "AutoClass uuid" enabled.)

---
Best Regards,
Patrik