Class attributes

Lasse Odden lasse.odden at gmail.com
Mon Oct 30 08:15:14 CET 2017


Try using:

reply:class := "Name_of_VPNgroup_in_ASA"


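For example:
# Members of the LDAP group get the matching ASA group name in Class
if (LDAP-Group == "SSL-VPN-Visma-web") {
        update  {
                reply:Class := "Visma-web_Grp"
        }
}
# Everyone else gets the "NoAccess" group name
else {
        update  {
                reply:Class := "NoAccess"
        }
}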

regards,
Lasse

On Mon, Oct 30, 2017 at 6:00 AM, Satish Patel <satish.txt at gmail.com> wrote:

> I am configuring FreeRADIUS for Cisco ASA VPN and I have created
> multiple Group Policies on the ASA. Now I want to send those group names
> back to the NAS using Class attribute #25, as per the following document
> (they are using Windows IAS):
>
> http://www.dasblinkenlichten.com/using-radius-attributes-during-webvpn-logon/
>
> I want to do the same setup in Linux FreeRADIUS, so where should I define
> that attribute? Should I use it in /etc/raddb/user or in the post-auth
> section of the /etc/raddb/sites-enabled/default file? I did the
> following and I am getting the following result, but I am not sure whether
> I am doing it right or not:
>
> post-auth {
>         update reply {
>                 Class := OU=Group_VPN;
>         }
> }
>
>
>
> Sent Access-Request Id 40 from 0.0.0.0:35534 to 127.0.0.1:1812 length 76
> User-Name = "user1"
> User-Password = "password1"
> NAS-IP-Address = 10.5.3.31
> NAS-Port = 1812
> Message-Authenticator = 0x00
> Cleartext-Password = "password1"
> Received Access-Accept Id 40 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
> Class = 0x4f553d47726f75705f56504e3b
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list
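
To check what the Class octets in the quoted radclient output actually contain, the following added example (not code from either poster or from the FreeRADIUS project) decodes every Class attribute in a reply and compares the group name against an allow-list. It accepts both forms seen in this thread, "OU=name;" and a bare name; the allow-list contents and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the reply lines from the radclient output quoted in this thread.
SAMPLE_OUTPUT = """\
Received Access-Accept Id 40 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
Class = 0x4f553d47726f75705f56504e3b
"""

# Class is an octets attribute, so it is normally printed as 0x<hex>;
# a quoted string form is accepted as well.
CLASS_LINE = re.compile(r'^\s*Class\s*=\s*(?:0x([0-9A-Fa-f]*)|"(.*)")\s*$')


def decode_class_values(radclient_output):
    """Return every Class value in the output as text (hex octets are decoded)."""
    values = []
    for line in radclient_output.splitlines():
        m = CLASS_LINE.match(line)
        if not m:
            continue
        if m.group(1) is not None:
            hexstr = m.group(1)
            if len(hexstr) % 2:
                raise ValueError("odd-length Class octets: " + line.strip())
            values.append(bytes.fromhex(hexstr).decode("utf-8", errors="replace"))
        else:
            values.append(m.group(2))
    return values


def group_name(class_value):
    """Strip the optional 'OU=' prefix and trailing ';' to get the group name."""
    name = class_value
    if name.upper().startswith("OU="):
        name = name[3:]
    return name.rstrip(";")


def check_reply(radclient_output, allowed_groups):
    """Return (group, is_allowed) for each Class attribute in the reply."""
    return [(g, g in allowed_groups)
            for g in map(group_name, decode_class_values(radclient_output))]


if __name__ == "__main__":
    # Hypothetical allow-list: the group policies that exist on the ASA.
    ALLOWED = {"Group_VPN", "Visma-web_Grp", "NoAccess"}
    for group, ok in check_reply(SAMPLE_OUTPUT, ALLOWED):
        print(f"{group}: {'known group policy' if ok else 'NOT a known group policy'}")
```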