You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

For the purpose of VPN access control, it is a common requirement that the RADIUS server return some specific attributes in an Access-Accept request.

The example below demonstrate how to return the user's Group ID or Name as a RADIUS attribute: Filter-Id

First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)

In the field "Maps To:", write groups?.id.join(','). If you are in favour of name, you can use groups?.name.join(','). Also, check the box "return Response".

Now, assign Radius attributes to a specified group(or user).

For example, we use (check) the one we just created.

Here we use NTRadPing as a radius client to do the test

As you can see the attribute in response Filter-Id=3. You can double confirm it with WireShark.

If you change the mapping as groups?.name.join(','), then the result will be Filter-Id=aaa.

What if this user belongs to two groups, for instance aaa and ccc? The result will be Filter-Id=aaa,ccc.

Furthermore, if you want to return only one group name, e.g 'aaa', then you must assign the attribute on the group 'aaa'  and map the attribute to:

nestedGroups?.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}.name