[RADIATOR] Read LDAP attributes

Hugh Irvine hugh at open.com.au
Fri Jun 10 08:48:45 UTC 2022


Hello Viktu -

Can you please send us a Trace 4 debug showing what is happening?

thanks and regards

Hugh

> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer <viktu at rectorat.url.edu> wrote:
> 
>  Hi all,
>  
> I am trying to configure Radiator server to set VLAN per user.
> I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
>  
> Now I am trying to perform the authentication by LSA as well, but using LDAP2 to read an attribute where we have the user’s VLAN.
>  
> But I am facing an issue: if I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager attribute, nothing appears in the logs and it ignores the configuration.
> I attach the configuration below.
>  
> Any ideas? Thanks!
>  
> <AuthBy LSA>
>                Identifier LSA_Staff
>                EAPType MSCHAP-V2
>                AutoMPPEKeys
>                UsernameMatchesWithoutRealm
>                NoDefault
> </AuthBy>
>  
> <AuthBy LDAP2>
>                Identifier LDAP_AD
>                Host -
>                Port -
>                AuthDN -
>                AuthPassword -
>                UsernameAttr sAMAccountName
>                AuthAttrDef pager,Tunnel-Private-Group-ID,reply
>                # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
>                NoEAP
>                NoDefault
> </AuthBy>
>  
> <AuthBy GROUP>
>                Identifier Auth_Staff
>                AuthByPolicy ContinueUntilRejectOrChallenge
>                AuthBy LSA_Staff
>                AuthBy LDAP_AD
>                AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
> </AuthBy>
>  
>  
> --------------------------
> Viktu Pons i Colomer
> --------------------------
>  
>  


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.


