Yubico Forum https://forum.yubico.com/ |
|
[QUESTION] How to configure Yubiradius Vendor Attributes VSA https://forum.yubico.com/viewtopic.php?f=29&t=1223 |
Page 1 of 1 |
Author: | bartoq [ Sun Nov 03, 2013 10:24 am ] |
Post subject: | [QUESTION] How to configure Yubiradius Vendor Attributes VSA |
Hi All, I've been trying to configure YubiRadius 3.6.1 to return Vendor Specific Attributes (VSA) with no success. Has anyone successfully configured Yubiradius to return VSA at all? If yes, can you share which config file I need to configure? Thanks, Alberto |
Author: | bartoq [ Mon Nov 04, 2013 2:21 am ] |
Post subject: | Re: [QUESTION] How to configure Yubiradius Vendor Attributes |
I've got this working by adding the attributes in the /etc/freeradius/users file and adding the dictionary under /usr/share/freeradius/

DEFAULT Auth-Type = pap
        PaloAlto-Admin-Role = "superuser",
        PaloAlto-User-Group = "VPNgroup",
        Service-Type = Login-User

---------------------
Dictionary file

VENDOR          PaloAlto        25461
BEGIN-VENDOR    PaloAlto
ATTRIBUTE       PaloAlto-Admin-Role                     1       string
ATTRIBUTE       PaloAlto-Admin-Access-Domain            2       string
ATTRIBUTE       PaloAlto-Panorama-Admin-Role            3       string
ATTRIBUTE       PaloAlto-Panorama-Admin-Access-Domain   4       string
ATTRIBUTE       PaloAlto-User-Group                     5       string
END-VENDOR      PaloAlto
|
Author: | jschreiner [ Tue Nov 05, 2013 5:48 pm ] |
Post subject: | Re: [QUESTION] How to configure Yubiradius Vendor Attributes |
You'll have to add a vendor dictionary to freeradius's dictionary files in /usr/share/freeradius/ (if I recall correctly), make sure the vendor dictionary is configured to load in the /usr/share/freeradius/dictionary file using $INCLUDE dictionary.vendorxyz, and restart freeradius. I used the ldap mapping /etc/freeradius/ldap.attr to map my vendor attributes to the ldap attribute which I chose. It helps to run freeradius in debug mode to troubleshoot. You run debug mode using the following: freeradius -X. The catch is that this is Debian and there is a bug, so you actually have to run this command instead: LD_PRELOAD=/usr/lib/libperl.so.5.10 freeradius -X. Here is some info about the bug: http://www.packetfence.org/bugs/view.ph ... &history=1 Hopefully that helps you. I spent quite a bit of time figuring it out and still have lots to learn. |
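To check what the configuration in this thread puts on the wire, the following added example (not part of any post here, and not Yubico or FreeRADIUS code) parses the dictionary posted above and encodes and decodes the PaloAlto attributes as RFC 2865 Vendor-Specific attributes. The function names are illustrative, and only string attributes with one vendor attribute per VSA are handled.

```python
import struct

# Dictionary text as posted in the thread (vendor PaloAlto, enterprise number 25461).
DICTIONARY = """\
VENDOR PaloAlto 25461
BEGIN-VENDOR PaloAlto
ATTRIBUTE PaloAlto-Admin-Role 1 string
ATTRIBUTE PaloAlto-Admin-Access-Domain 2 string
ATTRIBUTE PaloAlto-Panorama-Admin-Role 3 string
ATTRIBUTE PaloAlto-Panorama-Admin-Access-Domain 4 string
ATTRIBUTE PaloAlto-User-Group 5 string
END-VENDOR PaloAlto
"""
VENDOR_SPECIFIC = 26  # VSA layout: type, length, 4-byte vendor id, vendor type, vendor length, data

def parse_dictionary(text):
    """Map attribute name -> (vendor enterprise number, vendor attribute number)."""
    vendors, attrs, current = {}, {}, None
    for line in text.splitlines():
        f = line.split("#", 1)[0].split() or [""]  # strip comments; blank -> no keyword
        if f[0] == "VENDOR":
            vendors[f[1]] = int(f[2])
        elif f[0] == "BEGIN-VENDOR":
            current = vendors[f[1]]  # KeyError here means the VENDOR line is missing
        elif f[0] == "END-VENDOR":
            current = None
        elif f[0] == "ATTRIBUTE" and current is not None:
            attrs[f[1]] = (current, int(f[2]))
    return attrs

def encode_vsa(attrs, name, value):
    pen, number = attrs[name]
    data = value.encode("utf-8")
    if len(data) > 247:  # 255-byte attribute limit minus the 8 header bytes
        raise ValueError("value too long for one RADIUS attribute")
    return struct.pack("!BBIBB", VENDOR_SPECIFIC, len(data) + 8, pen, number, len(data) + 2) + data

def decode_vsas(payload, attrs):
    """Walk the attribute bytes of a reply and return {name: value} per VSA."""
    names = {key: name for name, key in attrs.items()}
    found, pos = {}, 0
    while pos + 2 <= len(payload):
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > len(payload):
            raise ValueError("malformed attribute length")
        if atype == VENDOR_SPECIFIC and alen >= 8:
            pen, number, sublen = struct.unpack("!IBB", payload[pos + 2:pos + 8])
            value = payload[pos + 8:pos + min(alen, 6 + sublen)]
            found[names.get((pen, number), f"Vendor-{pen}-Attr-{number}")] = value.decode("utf-8", "replace")
        pos += alen
    return found
```

Feed decode_vsas the attribute bytes of a captured Access-Accept (everything after the 20-byte RADIUS header) to confirm that the role and group you configured are the ones being returned.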
Author: | bartoq [ Fri Nov 08, 2013 12:23 pm ] |
Post subject: | Re: [QUESTION] How to configure Yubiradius Vendor Attributes |
Hi, thanks for the reply. Do you have any example for the ldap.attrmap config? Do I also need to enable the ldap setting in sites-enabled/default? Thanks |
All times are UTC + 1 hour |