Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

For the purpose of VPN access control, it is a common requirement that the VPN server asked the RADIUS server return some specific attributes in an Access-Accept request.to return a user's group membership in a RADIUS attribute.

A user can belong to more than one group. You have to firstly decide if you want to return all of the group names in an attribute or you want to return only one specific group name.

Return All Groups

The example below demonstrate how to return all of the user's Group ID or Name as a group names in the RADIUS attribute: called "Filter-Id"

First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)

Image RemovedImage Added

In the field "Maps To:", write groups.id.join(','). If you are in favour of name, you can use groups.name.enter "groups?.name.join(',')". Also, check the box "return Return Response".

Now, To assign the Radius attributes attribute to a specified group(or user).

Image Removed

For example, we use (check) the one we just created.

Image Removed

Here we use NTRadPing as a radius client to do the test

Image Removed

As you can see the attribute in response Filter-Id=3. You can double confirm it with WireShark.

Image Removed

If you change the mapping as groups.name.join(','), then the result will be Filter-Id=aaa.

What if this user belongs to two groups, for instance aaa and ccc? The result will be Filter-Id=aaa,ccc.

Furthermore, if you want to return only one group name, e.g 'aaa', then you must assign the attribute on the group 'aaa'  and map the attribute to:

...

, navigate to the user's account, select "Radius Settings\Radius Attribute" from the context menu

Image Added

Then, select the Radius attribute, i.e. Filter-Id

Image Added


Return One Group

The example below demonstrate how to return one specifc group name in the RADIUS attribute: called "Filter-Id"

First, create a RADIUS attribute (RADIUS > Radius Attribute > Create)

Image Added

In the field "Maps To:", enter "nestedGroups?.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}?.name

...

 

 ". Also, check the box "Return Response".

Now, navigate to the user group from "Directory | Groups", select "Radius Settings\Radius Attribute" from the context menu

Image Added

Then, select the Radius attribute, i.e. Filter-Id

Image Added

Content by Label
showLabelsfalse
showSpacefalse
cqllabel = "radius-attribute"
labelsradius-attribute