Hello,

Thank you for your reply. I didn't know how to do the searchfilter, so I finally made the LDAP connection without Global Catalog, and it found me the Pager attribute.

<AuthBy LDAP2>
    Identifier LDAP_AD_TEST
    Host ***
    Port 389
    AuthDN cn=***
    AuthPassword ***
    BaseDN ***
    UsernameAttr sAMAccountName
    SearchFilter (%0=%1)
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    NoEAP
    NoDefault
</AuthBy>

Now I will try to make the connection with LDAPS to secure the connection.

Thanks again,
Best regards.

--------------------------
Viktu Pons i Colomer
--------------------------

-----Original Message-----
From: Hugh Irvine <h...@open.com.au>
Sent: Friday, 10 June 2022 10:51
To: Víktu Pons i Colomer <vi...@rectorat.url.edu>
Cc: radiator@lists.open.com.au
Subject: Re: [RADIATOR] Read LDAP attributes

Hi again -

Further to this, you might need to specify a SearchFilter to retrieve the correct attribute.

regards

Hugh

> On 10 Jun 2022, at 18:48, Hugh Irvine <h...@open.com.au> wrote:
>
> Hello Viktu -
>
> Can you please send us a Trace 4 debug showing what is happening?
>
> thanks and regards
>
> Hugh
>
>> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer <vi...@rectorat.url.edu> wrote:
>>
>> Hi all,
>>
>> I am trying to configure Radiator server to set VLAN per user.
>> I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.
>>
>> Now I try to perform the authentication by LSA as well, but trying to use LDAP2 to read an attribute where we have the user’s VLAN.
>>
>> But I am facing an issue: If I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager nothing appears in the logs and ignores the configuration.
>> I attach the configuration below.
>>
>> Any ideas? Thanks!
>>
>> <AuthBy LSA>
>>     Identifier LSA_Staff
>>     EAPType MSCHAP-V2
>>     AutoMPPEKeys
>>     UsernameMatchesWithoutRealm
>>     NoDefault
>> </AuthBy>
>>
>> <AuthBy LDAP2>
>>     Identifier LDAP_AD
>>     Host -
>>     Port -
>>     AuthDN -
>>     AuthPassword -
>>     UsernameAttr sAMAccountName
>>     AuthAttrDef pager,Tunnel-Private-Group-ID,reply
>>     # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
>>     NoEAP
>>     NoDefault
>> </AuthBy>
>>
>> <AuthBy GROUP>
>>     Identifier Auth_Staff
>>     AuthByPolicy ContinueUntilRejectOrChallenge
>>     AuthBy LSA_Staff
>>     AuthBy LDAP_AD
>>     AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802
>> </AuthBy>
>>
>> --------------------------
>> Viktu Pons i Colomer
>> --------------------------
>>
>> _______________________________________________
>> radiator mailing list
>> radiator@lists.open.com.au
>> https://lists.open.com.au/mailman/listinfo/radiator
>
> --
>
> Hugh Irvine
> h...@open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
>

--
Hugh Irvine
h...@open.com.au