Send certain extra RADIUS attributes in an Access-Accept message
Some customers would like to send the (Dualshield) Group id as an attribute, to be used when defining access control within the customers VPN gateway.
This is a typical requirement in RADIUS authentication. Next we will show you how to do it.
Create a RADIUS attribute (RADIUS -> Radius Attribute -> Create)
In the field "Maps To:", write groups.id.join(','). If you are favour of name, you can use groups.name.join(','). Also, check the box "return Response".
Now, add Radius attributes to a specified group(or user).
For example, we use (check) the one we just created.
Here we use NTRadPing as a radius client to do the test
As you can see the attribute in response Filter-Id=3. You can double confirm it with WireShark.
If you change the mapping as groups.name.join(','), then the result will be Filter-Id=aaa.
What if this user belongs to two groups, for instance aaa and ccc? The result will be Filter-Id=aaa,ccc.
Furthermore, if you only add the attribute on group aaa (not on ccc) and you want to only return group name aaa, then use the following syntax.
nestedGroups.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}.name