[RADIATOR] Read LDAP attributes
Víktu Pons i Colomer
viktu at rectorat.url.edu
Fri Jun 10 08:34:03 UTC 2022
Hi all,
I am trying to configure Radiator server to set VLAN per user.
I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
Now I try to perform the authentication by LSA as well, but trying to use LDAP2 to read an attribute where we have the user's VLAN.
But I am facing an issue: if I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager, nothing appears in the logs and it ignores the configuration.
I attach the configuration below.
Any ideas? Thanks!
<AuthBy LSA>
    Identifier LSA_Staff
    EAPType MSCHAP-V2
    AutoMPPEKeys
    UsernameMatchesWithoutRealm
    NoDefault
</AuthBy>

<AuthBy LDAP2>
    Identifier LDAP_AD
    Host -
    Port -
    AuthDN -
    AuthPassword -
    UsernameAttr sAMAccountName
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
    NoEAP
    NoDefault
</AuthBy>

<AuthBy GROUP>
    Identifier Auth_Staff
    AuthByPolicy ContinueUntilRejectOrChallenge
    AuthBy LSA_Staff
    AuthBy LDAP_AD
    AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
</AuthBy>
--------------------------
Viktu Pons i Colomer
--------------------------