Hi all,
I am trying to configure the Radiator server to set the VLAN per user.
I have tried with AD group membership and LSA authentication, but it does not
work if the users belong to nested groups.
Now I am trying to perform the authentication by LSA as well, but using LDAP2
to read an attribute where we have the user's VLAN.
But I am facing an issue: if I try to read the TelePhoneNumber attribute, for
instance, it works, but if I try to read the Pager attribute, nothing appears
in the logs and it ignores the configuration.
I attach the configuration below.
Any ideas? Thanks!
<AuthBy LSA>
Identifier LSA_Staff
EAPType MSCHAP-V2
AutoMPPEKeys
UsernameMatchesWithoutRealm
NoDefault
</AuthBy>
<AuthBy LDAP2>
Identifier LDAP_AD
Host -
Port -
AuthDN -
AuthPassword -
UsernameAttr sAMAccountName
AuthAttrDef pager,Tunnel-Private-Group-ID,reply
# AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
NoEAP
NoDefault
</AuthBy>
<AuthBy GROUP>
Identifier Auth_Staff
AuthByPolicy ContinueUntilRejectOrChallenge
AuthBy LSA_Staff
AuthBy LDAP_AD
AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
</AuthBy>
--------------------------
Viktu Pons i Colomer
--------------------------
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator