Hello, pardon me for my poor English. I just configured the OpenConnect server and it works very well. Thank you so much for creating such great software.
My problem is: if I add the "Class" attribute in my RADIUS with "OU=group1", it is supposed to add the user to group1 after authentication, but it doesn't, and it disconnects with this error:

"radius-auth: user 'user2' requested group 'group1' but is not a member"

This is my ocserv.conf file content:

############################################################################
auth = "radius [config=/etc/radcli/radiusclient.conf,groupconfig=true]"
acct = "radius [config=/etc/radcli/radiusclient.conf,groupconfig=true]"
#auth = "plain[passwd=/etc/ocserv/ocpasswd]"
#auth = "pam"
default-domain = server.myvpnserver.com
ipv4-network = 10.10.10.0
ipv4-netmask = 255.255.255.0
tunnel-all-dns = true
dns = 8.8.8.8
dns = 1.1.1.1
tcp-port = 443
server-cert = /etc/letsencrypt/live/server.myvpnserver.com/fullchain.pem
server-key = /etc/letsencrypt/live/server.myvpnserver.com/privkey.pem
keepalive = 300
max-same-clients = 10
rx-data-per-sec = 1200000
tx-data-per-sec = 1200000
#listen-proxy-proto = true
try-mtu-discovery = true
#user-profile = /path/to/file.xml
#config-per-group = /etc/ocserv/config-per-group/
#config-per-user = /etc/ocserv/config-per-user/
stats-report-time = 10
select-group = group1
#select-group = group4
#select-group = group8
auto-select-group = true
##########
run-as-user = nobody
run-as-group = daemon
socket-file = /run/ocserv.socket
ca-cert = /etc/ssl/certs/ssl-cert-snakeoil.pem
isolate-workers = true
server-stats-reset-time = 604800
dpd = 60
mobile-dpd = 300
switch-to-tcp-timeout = 25
cert-user-oid = 0.9.2342.19200300.100.1.1
compression = true
no-compress-limit = 256
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1"
auth-timeout = 240
idle-timeout = 1200
mobile-idle-timeout = 1800
min-reauth-time = 300
max-ban-score = 80
ban-reset-time = 300
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /run/ocserv.pid
device = vpns
predictable-ips = true
ping-leases = false
cisco-client-compat = true
dtls-legacy = true
############################################################################

If I don't add the "Class" attribute in my RADIUS, everything works well, but I need it. So is there any way I can use groupconfig with RADIUS authentication?

Thank you so much in advance.

Regards

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel