[RADIATOR] Read LDAP attributes

Víktu Pons i Colomer viktu at rectorat.url.edu
Fri Jun 10 16:00:51 UTC 2022


Hello,

Thank you for your reply.
I didn't know how to do the searchfilter, so I finally made the LDAP connection without Global Catalog, and it found me the Pager attribute.

<AuthBy LDAP2>
    Identifier LDAP_AD_TEST
    Host ***
    Port 389
    AuthDN cn=***
    AuthPassword ***
    BaseDN ***
    UsernameAttr sAMAccountName
    SearchFilter (%0=%1)
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    NoEAP
    NoDefault
</AuthBy>

Now I will try to make the connection with LDAPS to secure the connection.

Thanks again,
Best regards.

--------------------------
Viktu Pons i Colomer
--------------------------

-----Original message-----
From: Hugh Irvine <hugh at open.com.au>
Sent: Friday, 10 June 2022 10:51
To: Víktu Pons i Colomer <viktu at rectorat.url.edu>
Cc: radiator at lists.open.com.au
Subject: Re: [RADIATOR] Read LDAP attributes


Hi again -

Further to this, you might need to specify a SearchFilter to retrieve the correct attribute.

regards

Hugh


> On 10 Jun 2022, at 18:48, Hugh Irvine <hugh at open.com.au> wrote:
> 
> 
> Hello Viktu -
> 
> Can you please send us a Trace 4 debug showing what is happening?
> 
> thanks and regards
> 
> Hugh
> 
>> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer <viktu at rectorat.url.edu> wrote:
>> 
>> Hi all,
>> 
>> I am trying to configure Radiator server to set VLAN per user.
>> I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
>> 
>> Now I try to perform the authentication by LSA as well, but trying to use LDAP2 to read an attribute where we have the user’s VLAN.
>> 
>> But I am facing an issue: If I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager nothing appears in the logs and ignores the configuration.
>> I attach the configuration below.
>> 
>> Any ideas? Thanks!
>> 
>> <AuthBy LSA>
>>     Identifier LSA_Staff
>>     EAPType MSCHAP-V2
>>     AutoMPPEKeys
>>     UsernameMatchesWithoutRealm
>>     NoDefault
>> </AuthBy>
>> 
>> <AuthBy LDAP2>
>>     Identifier LDAP_AD
>>     Host -
>>     Port -
>>     AuthDN -
>>     AuthPassword -
>>     UsernameAttr sAMAccountName
>>     AuthAttrDef pager,Tunnel-Private-Group-ID,reply
>>     # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
>>     NoEAP
>>     NoDefault
>> </AuthBy>
>> 
>> <AuthBy GROUP>
>>     Identifier Auth_Staff
>>     AuthByPolicy ContinueUntilRejectOrChallenge
>>     AuthBy LSA_Staff
>>     AuthBy LDAP_AD
>>     AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
>> </AuthBy>
>> 
>> 
>> --------------------------
>> Viktu Pons i Colomer
>> --------------------------
>> 
>> 
> 
> 
> --
> 
> Hugh Irvine
> hugh at open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, 
> TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, 
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
> 


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
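
An added example, not part of the thread and not Radiator's own code: a small offline check for the two points raised above (LDAP on port 389 versus LDAPS, and attribute lookups against a Global Catalog). It assumes UseSSL and UseTLS are the keywords that turn on TLS for AuthBy LDAP2, that 3268/3269 are the Global Catalog ports, and that an unset Port means 389; the function names and the sample clauses are made up for illustration.

```python
import re

GC_PORTS = {"3268", "3269"}  # Active Directory Global Catalog: plain, TLS

# Constructed sample clauses (host name and layout are made up).
SAMPLE = """\
<AuthBy LDAP2>
    Identifier LDAP_AD_TEST
    Host dc1.example.org
    Port 389
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
</AuthBy>
<AuthBy LDAP2>
    Identifier LDAP_GC
    Host dc1.example.org
    Port 3269
    UseSSL
    # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    NoDefault </AuthBy>
"""

def parse_ldap2_clauses(text):
    """Return one dict per <AuthBy LDAP2> clause: keyword -> list of values."""
    clauses = []
    for body in re.findall(r"<AuthBy\s+LDAP2>(.*?)</AuthBy>", text, re.S | re.I):
        params = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue  # blank line or comment
            value = parts[1].strip() if len(parts) > 1 else ""
            params.setdefault(parts[0].lower(), []).append(value)
        clauses.append(params)
    return clauses

def audit(text):
    """Return (identifier, finding) pairs for every LDAP2 clause in text."""
    findings = []
    for p in parse_ldap2_clauses(text):
        ident = p.get("identifier", ["<unnamed>"])[0]
        port = p.get("port", ["389"])[0]  # assumed default: standard LDAP port
        if "usessl" not in p and "usetls" not in p:
            findings.append((ident, "cleartext-ldap"))  # bind and attributes unencrypted
        if port in GC_PORTS and "authattrdef" in p:
            findings.append((ident, "global-catalog-attrs"))  # partial attribute set
    return findings

if __name__ == "__main__":
    for ident, finding in audit(SAMPLE):
        print(f"{ident}: {finding}")
```

A "global-catalog-attrs" finding means the clause reads reply attributes from a catalog that holds only a partial attribute set, so an attribute named in AuthAttrDef may not be returned there.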


