| Yubico Forum https://forum.yubico.com/ |
|
| YubiRadius 3.5 issue with AD Groups https://forum.yubico.com/viewtopic.php?f=5&t=773 |
Page 1 of 1 |
| Author: | chavousc [ Tue Mar 20, 2012 4:34 am ] |
| Post subject: | YubiRadius 3.5 issue with AD Groups |
OK folks - Maybe I am misunderstanding what should be happening here. I would like YubiRadius to return the AD group membership with the radius response. So I set the option "Return user's Group Membership in RADIUS response" to Yes, I set the response format to blank and "Group Return information" to "Group Name ONly." Great right? Now, my understanding is the YubiRadius system (and FreeRadius) returns the group info in the "class" field. So - I run a test - and it returns class 0x434e3d5343432d46696e616e6369616c Is that some representation of my group that I am supposed to use? If so, WHICH group does it represent? I'm a member of two or three groups. Any help would be lovely!! Chavous |
|
| Author: | Neal [ Mon Mar 26, 2012 4:57 pm ] |
| Post subject: | Re: YubiRadius 3.5 issue with AD Groups |
It looks like a hexadecimal view of your group, specifically using a hex -> ascii converter gives "CN=SCC-Financial" which I'm assuming is one of your groups. Anything you enter in the "response format" is also converted to hex. Unfortunately I have not looked into using this myself yet but hope that this at least gives you a hand in the right direction. When I import users into YubiRadius only the groups under the Base DN are imported - you could use that to restrict the groups that YubiRadius knows about but I'm not certain if that will restrict the groups that freeRadius reports. When I convert my response from the class field it is for the group I imported but that could be just luck. Please let us know how you get on, I'm hoping to look at this myself in the next few weeks. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|