Re: [RADIATOR] Read LDAP attributes
Hello,

Thank you for your reply. I didn't know how to do the SearchFilter, so I finally made the LDAP connection without Global Catalog, and it found me the Pager attribute.

    Identifier LDAP_AD_TEST
    Host ***
    Port 389
    AuthDN cn=***
    AuthPassword ***
    BaseDN ***
    UsernameAttr sAMAccountName
    SearchFilter (%0=%1)
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    NoEAP
    NoDefault

Now I will try to make the connection with LDAPS to secure the connection.

Thanks again,

Best regards.

--
Viktu Pons i Colomer
--

-----Original Message-----
From: Hugh Irvine
Sent: Friday, 10 June 2022 10:51
To: Víktu Pons i Colomer
Cc: radiator@lists.open.com.au
Subject: Re: [RADIATOR] Read LDAP attributes

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
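An added example (not Radiator's code, nor anything posted in this thread) that models how the AuthAttrDef and AddToReplyIfNotExist lines from this thread turn a user's LDAP entry into RADIUS reply items, and shows the failure mode the thread hit: when the attribute is not returned (as with the Global Catalog lookup), the reply still carries Tunnel-Type and Tunnel-Medium-Type but no Tunnel-Private-Group-ID, so no VLAN is actually assigned by policy. The entry data and the assumption that a missing attribute silently yields no item are labelled in the comments.

```python
# Added example, not Radiator's code: models how the thread's AuthBy LDAP2
# "AuthAttrDef ldap_attr,radius_attr,check|reply" lines plus "AddToReplyIfNotExist"
# turn one user's LDAP entry into RADIUS reply items. Assumed from the thread's
# symptom: an attribute absent from the entry yields no item and no error.
# All LDAP entry data below is constructed.

AUTH_ATTR_DEFS = ["pager,Tunnel-Private-Group-ID,reply"]          # as in the thread
ADD_TO_REPLY_IF_NOT_EXIST = "Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802"


def parse_auth_attr_defs(lines):
    """'ldap_attr,radius_attr,check|reply' -> (ldap_attr_lower, radius_attr, kind)."""
    defs = []
    for line in lines:
        ldap_attr, radius_attr, kind = (p.strip() for p in line.split(","))
        if kind not in ("check", "reply"):
            raise ValueError("AuthAttrDef kind must be check or reply: " + kind)
        defs.append((ldap_attr.lower(), radius_attr, kind))   # LDAP names are case-insensitive
    return defs


def parse_add_items(spec):
    """'Attr =value,Attr2 =value2' -> [(Attr, value), ...]; spaces around '=' tolerated."""
    return [(n.strip(), v.strip()) for n, v in (p.split("=", 1) for p in spec.split(","))]


def build_reply(entry, request, defs, add_if_not_exist):
    """Return (accepted, reply_items) for one user entry and one Access-Request."""
    entry = {k.lower(): v for k, v in entry.items()}
    reply = []
    for ldap_attr, radius_attr, kind in defs:
        if ldap_attr not in entry:
            continue                          # the thread's silent "ignored" case
        if kind == "check" and request.get(radius_attr) != entry[ldap_attr]:
            return False, []                  # check item mismatch: reject
        if kind == "reply":
            reply.append((radius_attr, entry[ldap_attr]))
    have = {name for name, _ in reply}
    reply += [(n, v) for n, v in parse_add_items(add_if_not_exist) if n not in have]
    return True, reply


def vlan_assigned(reply):
    """Defender's check: Tunnel-Type without Tunnel-Private-Group-ID leaves the VLAN to the switch."""
    return any(name == "Tunnel-Private-Group-ID" for name, _ in reply)


# Constructed entries: DC_ENTRY is what the port-389 search returns; GC_ENTRY mimics
# the Global Catalog lookup in the thread, where 'pager' did not come back.
DC_ENTRY = {"sAMAccountName": "vpons", "telephoneNumber": "1234", "pager": "20"}
GC_ENTRY = {"sAMAccountName": "vpons", "telephoneNumber": "1234"}
DEFS = parse_auth_attr_defs(AUTH_ATTR_DEFS)
```

Running build_reply on GC_ENTRY accepts the user with only the two static tunnel attributes, which is worth alerting on in the Access-Accept log rather than relying on the switch's default VLAN.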
Re: [RADIATOR] Read LDAP attributes
Hi again -

Further to this, you might need to specify a SearchFilter to retrieve the correct attribute.

regards

Hugh

> On 10 Jun 2022, at 18:48, Hugh Irvine wrote:
>

--
Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
Re: [RADIATOR] Read LDAP attributes
Hello Viktu -

Can you please send us a Trace 4 debug showing what is happening?

thanks and regards

Hugh

> On 10 Jun 2022, at 18:34, Víktu Pons i Colomer wrote:
>

--
Hugh Irvine
h...@open.com.au
[RADIATOR] Read LDAP attributes
Hi all,

I am trying to configure Radiator server to set VLAN per user.
I have tried with AD group membership and LSA authentication, but it does not work if the users belong to nested groups.

Now I try to perform the authentication by LSA as well, but trying to use LDAP2 to read an attribute where we have the user's VLAN.

But I am facing an issue: If I try to read the TelePhoneNumber attribute, for instance, it works, but if I try to read the Pager nothing appears in the logs and ignores the configuration.
I attach the configuration below.

Any ideas? Thanks!

    Identifier LSA_Staff
    EAPType MSCHAP-V2
    AutoMPPEKeys
    UsernameMatchesWithoutRealm
    NoDefault

    Identifier LDAP_AD
    Host -
    Port -
    AuthDN -
    AuthPassword -
    UsernameAttr sAMAccountName
    AuthAttrDef pager,Tunnel-Private-Group-ID,reply
    # AuthAttrDef TelePhoneNumber,Tunnel-Private-Group-ID,check
    NoEAP
    NoDefault

    Identifier Auth_Staff
    AuthByPolicy ContinueUntilRejectOrChallenge
    AuthBy LSA_Staff
    AuthBy LDAP_AD
    AddToReplyIfNotExist Tunnel-Type =0:VLAN,Tunnel-Medium-Type =0:Ether_802

--
Viktu Pons i Colomer
--