Returning of group membership information in YubiRADIUS

2012-05-15T15:41:48+01:00

Recently we have received a few mails asking about how YubiRADIUS returns the group membership information of the user.

YubiRADIUS returns user's group membership information as RADIUS attribute = 25 i.e. "CLASS".

If you wish you use this information in the authentication process by your client, you should

a) YRVA configuration:

1. You need to enable the 'Return user's Group Membership in RADIUS response’.

Typically 'Response format' is set as:

'cn= ;' (without quotes)

Goto “YubiRADIUS Virtual Appliance” >> Under “Domain” TAB select “domain name” >> Select “Configuration” >> Enable “Return user's Group Membership in RADIUS response” >> Enter group information in “Response format” as,

“cn= “”;”

Under “Group return information” select which ever is required either “Group DN” or “Group Name”

2. You can add client as per device IP and the client secret.

b) set the RADIUS attribute to 25 or CLASS in your device's configuration (please refer to user guide of your device for more details).

Statistics: Posted by samir — Tue May 15, 2012 3:41 pm

Yubico Forum

Returning of group membership information in YubiRADIUS