FreeRadius - Pass LDAP Group (Attribute?) to RSSO?
matthew.stavert at nlsd.ab.ca
Wed Dec 13 06:12:08 CET 2017
Hello. My FreeRadius version on SLES is 2.1.1-7.18.1 My FreeRadius setup
is using eDirectory LDAP and integrates with the LDAP module on
FreeRadius. Recently, I decided it was a good idea to send my radius
authentication accounting data to my Fortigate using RSSO. I have this all
working, and my usernames from my chosen radius server are showing up on my
Fortigate now. I have one small hurdle now. When the usernames show up,
they are not associated with any groups. On the Fortigate I can associate
or make an RSSO group, that will look at a class attribute (I think), on
the FreeRadius server, and using that attribute the RSSO group will match
the usernames to that group, and match the group name with the username on
the Fortigate (I hope I'm explaining this well). I have found
documentation for MS NPS radius servers, but I am unsure of how to perform
the equivalent process on the FreeRadius server. I am hoping someone can
provide me with an example or point me in the right direction on how I can
perform this on FreeRadius since I am using Rreeradius server. It seems
like there might be a way to do this with the CLASS attribute, but I would
need help with this. I am open to any ideas, and or solutions with
FreeRadius that would accomplish this.
Thank-you in advance.
More information about the Freeradius-Users