Hi all, I am trying to configure Radiator server to set VLAN per user. I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
Now I am trying to perform the authentication by LSA as well, but using LDAP2 to read an attribute where we have the user's VLAN. But I am facing an issue: if I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager attribute, nothing appears in the logs and it ignores the configuration. I attach the configuration below. Any ideas? Thanks!

<AuthBy LSA>
    Identifier LSA_Staff
    EAPType MSCHAP-V2
    AutoMPPEKeys
    UsernameMatchesWithoutRealm
    NoDefault
</AuthBy>

<AuthBy LDAP2>
    Identifier LDAP_AD
    Host -
    Port -
    AuthDN -
    AuthPassword -
    UsernameAttr sAMAccountName
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
    NoEAP
    NoDefault
</AuthBy>

<AuthBy GROUP>
    Identifier Auth_Staff
    AuthByPolicy ContinueUntilRejectOrChallenge
    AuthBy LSA_Staff
    AuthBy LDAP_AD
    AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
</AuthBy>

--------------------------
Viktu Pons i Colomer
--------------------------