You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

For the purpose of VPN access control, it is a common requirement that the VPN server asked the RADIUS server to return a user's group memebership in a RADIUS attribute.

A user can belong to more than one group. You have to firstly decide if you want to return all of the group names in an attribute or you want to return only one specific group name.

Return All Groups

The example below demonstrate how to return all of the user's group names in the RADIUS attribute: called "Filter-Id"

First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)

In the field "Maps To:", enter "groups?.name.join(',')". Also, check the box "Return Response".

To assign the Radius attribute to a user, navigate to the user's account, select "Radius Settings\Radius Attribute" from the context menu

Then, select the Radius attribute, i.e. Filter-Id


Return One Group

The example below demonstrate how to return one specifc group name in the RADIUS attribute: called "Filter-Id"

First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)

In the field "Maps To:", enter "nestedGroups?.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}.name". Also, check the box "Return Response".

Now, navigate to the user group from "Directory | Groups", select "Radius Settings\Radius Attribute" from the context menu

Then, select the Radius attribute, i.e. Filter-Id