For the purpose of VPN access control, it is a common requirement that the VPN server asked asks the RADIUS server to return a user's group membership in a RADIUS attribute.
A user can belong to more than one group. You have to firstly decide if you want to return all of the group names in an attribute or you want to return only one specific group name.
Return All Groups
The example below demonstrate how to return all of the user's group names in the RADIUS attribute: called "Filter-Id"
First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)
In the field "Maps To:", enter the following expression. Also, check the box "Return Response".
| Code Block |
|---|
groups?.name.join(',') |
To assign the Radius attribute to a user, navigate to the user's account, select "Radius Settings\Radius Attribute" from the context menu
Then, select the Radius attribute, i.e. Filter-Id
Return One Group
The example below demonstrate how to return one specific group name in the RADIUS attribute: called "Filter-Id"
First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)
In the field "Maps To:", enter the following expression. Also, check the box "Return Response".
| Code Block |
|---|
nestedGroups?.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}?.name |
Now, navigate to the user group from "Directory | Groups", select "Radius Settings\Radius Attribute" from the context menu
Then, select the Radius attribute, i.e. Filter-Id
Related Articles
Content by Label