[RADIATOR] Read LDAP attributes

Víktu Pons i Colomer viktu at rectorat.url.edu
Fri Jun 10 08:34:03 UTC 2022

 Hi all,

I am trying to configure Radiator server to set VLAN per user.
I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.

Now I try to perform the authentication by LSA as well, but trying to use LDAP2 to read an attribute where we have the user's VLAN.

But I am facing an issue: If I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager nothing appears in the logs and ignores the configuration.
I attach the configuration below.

Any ideas? Thanks!

<AuthBy LSA>
               Identifier LSA_Staff
               EAPType MSCHAP-V2

<AuthBy LDAP2>
                              Identifier LDAP_AD
                              Host -
                              Port -
                              AuthDN -
                              AuthPassword    -
                              UsernameAttr sAMAccountName
                              AuthAttrDef pager,Tunnel-Private-Group-ID,reply
                              # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check

<AuthBy GROUP>
               Identifier Auth_Staff
               AuthByPolicy ContinueUntilRejectOrChallenge
               AuthBy LSA_Staff
               AuthBy LDAP_AD
               AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802

Viktu Pons i Colomer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20220610/ca32b56b/attachment.html>

More information about the radiator mailing list