Return User Groups in Class field
Christian Salway
christian.salway at naimuri.com
Wed Nov 14 14:26:03 CET 2018
I use strongSwan to authenticate against FreeRadius, which it does successfully, but now I need FreeRadius to return the user's groups in the Class field so strongSwan can check that the user belongs to a group [1].
I've managed to work out how to add extra fields to the response by putting an update reply in the file /etc/raddb/sites-available/default:
post-auth {
    ...
    update reply {
        Class = "%{Ldap-Group}"
    }
    ...
}
Is that the place to put it?
But as you can see below, the Class is null.
(3) Sent Access-Accept Id 223 from 10.0.0.247:1812 to 10.0.0.120:48653 length 0
(3) MS-MPPE-Encryption-Policy = Encryption-Allowed
(3) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(3) MS-MPPE-Send-Key = 0x316216f0c4d55abb0cb8c2c741cad90c
(3) MS-MPPE-Recv-Key = 0x1ec76bc2958017969cbc3d67e716d4a4
(3) EAP-Message = 0x03030004
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) User-Name = "christian.salway"
(3) Class = 0x
(3) Finished request
How can I return the user's Active Directory groups in the Class field?
[1] https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Group-selection