Hello,
Thank you for your reply.
I didn't know how to do the SearchFilter, so I finally made the LDAP connection
without the Global Catalog, and it found the Pager attribute for me.
<AuthBy LDAP2>
Identifier LDAP_AD_TEST
Host ***
Port 389
AuthDN cn=***
AuthPassword ***
BaseDN ***
UsernameAttr sAMAccountName
SearchFilter (%0=%1)
AuthAttrDef pager,Tunnel-Private-Group-ID,reply
NoEAP
NoDefault
</AuthBy>
Now I will try to make the connection with LDAPS to secure the connection.
Thanks again,
Best regards.
--------------------------
Viktu Pons i Colomer
--------------------------
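
An LDAPS variant of the AuthBy LDAP2 clause above, as an added example that is not part of the original message or of the Radiator project's own material. With a simple bind on port 389 and no TLS, the AuthDN password crosses the network in clear text. The host name and CA file path are placeholders, and it assumes the domain controller presents a certificate issued by that CA.

```text
<AuthBy LDAP2>
    Identifier LDAP_AD_TEST
    # Placeholder host name for the domain controller
    Host dc1.example.internal
    # LDAPS on the domain controller itself, not the Global Catalog
    # (the Global Catalog's SSL port is 3269)
    Port 636
    # Wrap the whole LDAP session in TLS, including the AuthDN bind
    UseSSL
    # Placeholder path: PEM file holding the CA that issued the DC certificate
    SSLCAFile /etc/radiator/certs/ad-ca.pem
    # Refuse the connection when the server certificate does not verify
    SSLVerify require
    AuthDN cn=***
    AuthPassword ***
    BaseDN ***
    UsernameAttr sAMAccountName
    SearchFilter (%0=%1)
    # Same mapping as before: AD pager value becomes the VLAN in the reply
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    NoEAP
    NoDefault
</AuthBy>
```

A Trace 4 log of a test authentication shows whether the bind succeeded over the encrypted connection and whether pager was still returned.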
-----Original message-----
From: Hugh Irvine <[email protected]>
Sent: Friday, 10 June 2022 10:51
To: Víktu Pons i Colomer <[email protected]>
Cc: [email protected]
Subject: Re: [RADIATOR] Read LDAP attributes
Hi again -
Further to this, you might need to specify a SearchFilter to retrieve the
correct attribute.
regards
Hugh
> On 10 Jun 2022, at 18:48, Hugh Irvine <[email protected]> wrote:
>
>
> Hello Viktu -
>
> Can you please send us a Trace 4 debug showing what is happening?
>
> thanks and regards
>
> Hugh
>
>> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer <[email protected]>
>> wrote:
>>
>> Hi all,
>>
>> I am trying to configure Radiator server to set VLAN per user.
>> I have tried with AD group membership and LSA authentication, but it does
>> not work if the users belong to nested groups.
>>
>> Now I try to perform the authentication by LSA as well, but trying to use
>> LDAP2 to read an attribute where we have the user’s VLAN.
>>
>> But I am facing an issue: if I try to read the TelePhoneNumber attribute,
>> for instance, it works, but if I try to read the Pager, nothing appears in
>> the logs and it ignores the configuration.
>> I attach the configuration below.
>>
>> Any ideas? Thanks!
>>
>> <AuthBy LSA>
>> Identifier LSA_Staff
>> EAPType MSCHAP-V2
>> AutoMPPEKeys
>> UsernameMatchesWithoutRealm
>> NoDefault
>> </AuthBy>
>>
>> <AuthBy LDAP2>
>> Identifier LDAP_AD
>> Host -
>> Port -
>> AuthDN -
>> AuthPassword -
>> UsernameAttr sAMAccountName
>> AuthAttrDef pager,Tunnel-Private-Group-ID,reply
>> # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
>> NoEAP
>> NoDefault
>> </AuthBy>
>>
>> <AuthBy GROUP>
>> Identifier Auth_Staff
>> AuthByPolicy ContinueUntilRejectOrChallenge
>> AuthBy LSA_Staff
>> AuthBy LDAP_AD
>> AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
>> </AuthBy>
>>
>>
>> --------------------------
>> Viktu Pons i Colomer
>> --------------------------
>>
>>
>> _______________________________________________
>> radiator mailing list
>> [email protected]
>> https://lists.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> [email protected]
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
>