Yubico Forum

Posted: Tue Mar 20, 2012 4:34 am
OK folks - Maybe I am misunderstanding what should be happening here.

I would like YubiRadius to return the AD group membership with the radius response.

So I set the option "Return user's Group Membership in RADIUS response" to Yes, I set the response format to blank and "Group Return information" to "Group Name Only."
Great, right?

Now, my understanding is the YubiRadius system (and FreeRadius) returns the group info in the "class" field.

So - I run a test - and it returns
class 0x434e3d5343432d46696e616e6369616c

Is that some representation of my group that I am supposed to use? If so, WHICH group does it represent? I'm a member of two or three groups.

Any help would be lovely!!

Chavous


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

Posted: Mon Mar 26, 2012 4:57 pm
It looks like a hexadecimal view of your group, specifically using a hex -> ascii converter gives "CN=SCC-Financial" which I'm assuming is one of your groups. Anything you enter in the "response format" is also converted to hex. Unfortunately I have not looked into using this myself yet but hope that this at least gives you a hand in the right direction.

When I import users into YubiRadius only the groups under the Base DN are imported - you could use that to restrict the groups that YubiRadius knows about but I'm not certain if that will restrict the groups that freeRadius reports. When I convert my response from the class field it is for the group I imported but that could be just luck.

Please let us know how you get on, I'm hoping to look at this myself in the next few weeks.
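The hex-to-ASCII conversion described in the reply above, as an added example that is not part of the original posts or of YubiRadius: it decodes every class line in a RADIUS test reply and extracts the group name from each, so a reply carrying several groups shows which is which. The "Class = 0x..." line form, the second and third sample values, and the function names are assumptions made for illustration.

```python
import re

# "class 0x..." is the form shown in the post; "Class = 0x..." is an assumed variant.
CLASS_LINE = re.compile(r"^\s*class\s*(?:=\s*)?0x([0-9a-f]+)\s*$", re.IGNORECASE)


def decode_class_values(reply_text):
    """Decode every Class attribute found in a textual RADIUS reply dump."""
    values = []
    for line in reply_text.splitlines():
        match = CLASS_LINE.match(line)
        if not match:
            continue
        hex_digits = match.group(1)
        if len(hex_digits) % 2:
            raise ValueError(f"odd-length hex in Class attribute: {line.strip()!r}")
        raw = bytes.fromhex(hex_digits)
        try:
            text = raw.decode("utf-8")
        except UnicodeDecodeError:
            text = ""
        # Class is opaque octets (RFC 2865), so keep the raw bytes unless the
        # value is clean printable text.
        values.append(text if text and text.isprintable() else raw)
    return values


def group_names(values):
    """Return the group name from each text value, stripping a leading 'CN='."""
    names = []
    for value in values:
        if not isinstance(value, str):
            continue  # opaque Class value, not a group string
        first_rdn = re.split(r"(?<!\\),", value, maxsplit=1)[0]
        key, sep, name = first_rdn.partition("=")
        names.append(name.strip() if sep and key.strip().upper() == "CN" else value)
    return names


SAMPLE_REPLY = "\n".join([
    "class 0x434e3d5343432d46696e616e6369616c",  # value from the post
    "Class = 0x" + b"CN=VPN-Users,OU=Groups,DC=example,DC=com".hex(),  # constructed
    "Class = 0x00ff10",  # constructed: opaque, non-text value
])

if __name__ == "__main__":
    decoded = decode_class_values(SAMPLE_REPLY)
    print(decoded)
    print(group_names(decoded))
```

If a RADIUS client bases an access decision on this value, compare the decoded group name exactly rather than by substring.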