For the purpose of VPN access control, it is a common requirement that the VPN server asked the RADIUS server to return a user's group membership in a RADIUS attribute.

A user can belong to more than one group. You have to firstly decide if you want to return all of the group names in an attribute or you want to return only one specific group name.

Return All Groups

The example below demonstrate how to return all of the user's group names in the RADIUS attribute: called "Filter-Id"

First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)

In the field "Maps To:", enter "groups?.name.join(',')". Also, check the box "Return Response".

To assign the Radius attribute to a user, navigate to the user's account, select "Radius Settings\Radius Attribute" from the context menu

Then, select the Radius attribute, i.e. Filter-Id


Return One Group

The example below demonstrate how to return one specifc group name in the RADIUS attribute: called "Filter-Id"

First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)

In the field "Maps To:", enter "nestedGroups?.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}?.name". Also, check the box "Return Response".

Now, navigate to the user group from "Directory | Groups", select "Radius Settings\Radius Attribute" from the context menu

Then, select the Radius attribute, i.e. Filter-Id

Related Articles