On Apr 4, 2019, at 10:02 AM, Alexander Harm <contact@aharm.de> wrote:
Hi, Synology's Radius Server is actually FreeRADIUS 3.0.15. Unfortunately they use their own "rlm_synorad" to block/deny access for specific users/groups.
That's common for companies to do.
This is the debug output of a small test:
synorad: Full name[REALM\user.name] synorad: block list[] synorad: block list[REALM\\Domain Guests] synorad: group[REALM\Group Policy Creator Owners], blockList[REALM\Domain Guests] synorad: group[REALM\ka.hq.all], blockList[REALM\Domain Guests] synorad: group[REALM\DnsAdmins], blockList[REALM\Domain Guests] synorad: group[REALM\Domain Users], blockList[REALM\Domain Guests] synorad: group[REALM\Denied RODC Password Replication Group], blockList[REALM\Domain Guests] synorad: group[REALM\ka.hq.portal], blockList[REALM\Domain Guests] synorad: group[REALM\AAD DC Administrators], blockList[REALM\Domain Guests]
I was wondering if there is any way of determining the variable/attribute name the group information is stored in? I would like to do something like this in the users file:
DEFAULT Synorad_Group == "REALM\ka.hq.all" Does anyone have an idea?
Ask Synology how their software works. Sorry, but that's the only answer here. Alan DeKok.