assignment of vendor specific attributes in the tacacs server

Simon N simon.nattefort at protonmail.com
Fri Aug 16 16:38:33 UTC 2024


Hello everyone, 


I am currently testing Version 4. I have already successfully connected the ldap module to an Active Directory server. Now I want to use the Tacacs server to authenticate and authorize users. I have already tested the authentication and it works without any problems. To assign certain authorizations to the user, I want to use the user's groups on the AD. I could already test it successfully by adding the following in the sites-available/tacacs file under send Authorization-Pass-Add: 


if (%ldap.memberof("Admin")) {
        &reply.Viptela.Viptela-Group-Name = "netadmin"
}


Now I wonder if I can also use the module files to assign vendor specific attributes. For example if the service == ppp, protocol == ip and the user has a specific LDAP group. Or is the top variant the only one I can use?


Thanks in advance for any help,


Simon

