Pushing group attribute from OpenDirectory to Cisco

Sander van Loosbroek sander at vanloosbroek.com
Thu Sep 23 16:03:35 CEST 2010

Hello Peter and Alan,

Thank you for your reply. I've given the documentation of Peter a look but I'm not that familiar with LDAP or how its underpinnings work in OS X Server.

When the Cisco router now authenticates against the FreeRADIUS server all works fine except for the fact that the group name is not returned with the webvpn:vpn-user-group attribute. What is unclear to me is how I instruct FreeRADIUS to include that attribute when it returns the authorization message. I have made the following addition to my clients file:

client {
	secret = xxx
	shortname = vpn
	nastype = cisco

I have added a policy to the Cisco router to pick up the attribute but it doesn't seem to get through. Can you suggest what to try next?


More information about the Freeradius-Users mailing list