[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Active Directory Juniper mapping attribute - no local login-id configured
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2021-09-06 12:53:31
Message-ID: 3BBEEBF8-9950-4505-B10B-438D68A17AF4 () deployingradius ! com
[Download RAW message or body]

On Sep 3, 2021, at 2:43 PM, Steven Vacaroaia <stef97@gmail.com> wrote:
> I am trying to setup 2FA for my Juniper switches using Freeradius,
> Active Directory and Yubikey
> ...
> "..
> to make sure that the group of users that you're allowing access to
> the EXs gets the following vendor-specific attribute returned in their
> access-accept message:
> 
> Vendor Code: 2636 (Juniper)
> 
> Attribute:1 Juniper-Local-User-Name
> 
> Value: "superUserClass"
> 
> ..."

  update reply {
	Juniper-Local-User-Name := "foo"
  }

> Do I have to modify AD schema and add those attributes or there is a
> better / smarter way to
> achieve the above  ?

  You can just add attributes.

> Any help/ instructions / ideas / documentation pointers will be
> greatly appreciated

$ man unlang

  And see the many examples in radiusd.conf.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]