[RADIATOR] Read LDAP attributes
Víktu Pons i Colomer
viktu at rectorat.url.edu
Fri Jun 10 16:00:51 UTC 2022
Hello,
Thank you for your reply.
I didn't know how to do the searchfilter, so I finally made the LDAP connection without Global Catalog, and it found me the Pager attribute.
<AuthBy LDAP2>
Identifier LDAP_AD_TEST
Host ***
Port 389
AuthDN cn=***
AuthPassword ***
BaseDN ***
UsernameAttr sAMAccountName
SearchFilter (%0=%1)
AuthAttrDef pager,Tunnel-Private-Group-ID,reply
NoEAP
NoDefault
</AuthBy>
Now I will try to make the connection with LDAPS to secure the connection.
Thanks again,
Best regards.
--------------------------
Viktu Pons i Colomer
--------------------------
-----Missatge original-----
De: Hugh Irvine <hugh at open.com.au>
Enviat: divendres, 10 de juny de 2022 10:51
Per a: Víktu Pons i Colomer <viktu at rectorat.url.edu>
A/c: radiator at lists.open.com.au
Tema: Re: [RADIATOR] Read LDAP attributes
Hi again -
Further to this, you might need to specify a SearchFilter to retrieve the correct attribute.
regards
Hugh
> On 10 Jun 2022, at 18:48, Hugh Irvine <hugh at open.com.au> wrote:
>
>
> Hello Viktu -
>
> Can you please send us a Trace 4 debug showing what is happening?
>
> thanks and regards
>
> Hugh
>
>> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer <viktu at rectorat.url.edu> wrote:
>>
>> Hi all,
>>
>> I am trying to configure Radiator server to set VLAN per user.
>> I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
>>
>> Now I try to perform the authentication by LSA as well, but trying to use LDAP2 to read an attribute where we have the user’s VLAN.
>>
>> But I am facing an issue: If I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager nothing appears in the logs and ignores the configuration.
>> I attach the configuration below.
>>
>> Any ideas? Thanks!
>>
>> <AuthBy LSA>
>> Identifier LSA_Staff
>> EAPType MSCHAP-V2
>> AutoMPPEKeys
>> UsernameMatchesWithoutRealm
>> NoDefault
>> </AuthBy>
>>
>> <AuthBy LDAP2>
>> Identifier LDAP_AD
>> Host -
>> Port -
>> AuthDN -
>> AuthPassword -
>> UsernameAttr sAMAccountName
>> AuthAttrDef pager,Tunnel-Private-Group-ID,reply
>> # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
>> NoEAP
>> NoDefault </AuthBy>
>>
>> <AuthBy GROUP>
>> Identifier Auth_Staff
>> AuthByPolicy ContinueUntilRejectOrChallenge
>> AuthBy LSA_Staff
>> AuthBy LDAP_AD
>> AddToReplyIfNotExist Tunnel-Type
>> =0:VLAN,Tunnel-Medium-Type =0:Ether_802 </AuthBy>
>>
>>
>> --------------------------
>> Viktu Pons i Colomer
>> --------------------------
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at lists.open.com.au
>> https://lists.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> hugh at open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
>
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list