Radius Attributes

How To Send Radius Attributes with WebADM

This how-to assumes that WebADM and Radius Bridge are already up and running.

1. Sending an LDAP Value

We select the user in WebADM and we click on WebADM settings: None [CONFIGURE]:


We select OpenOTP and scroll down to RADIUS Options, we check the box and click on Edit:

We select an attribute from a dictionary. First we check that the Gandalf-Phone-Number-1 attribute is present in the Radius Bridge dictionaries:

[root@localhost ~]# grep -r "Gandalf-Phone-Number-1" /opt/radiusd/lib/dictionaries/
/opt/radiusd/lib/dictionaries/dictionary.gandalf:ATTRIBUTE	Gandalf-Phone-Number-1			17	string

We add the attribute name and the value from the mobile LDAP attribute:

We apply twice and we try with radtest:

[root@localhost ~]# /opt/radiusd/bin/radtest john
Enter password: ******
(0) -: Expected Access-Accept got Access-Challenge
Result: Challenge
Session: 32773731486f443674624f393349416a
Enter your TOKEN password: 381469
Result: Success
Sent Access-Request Id 177 from 0.0.0.0:51646 to 127.0.0.1:1812 length 71
    User-Name: "john"
    User-Password: "381469"
    State: 0x32773731486f443674624f393349416a
    NAS-Identifier: "RadTest"
    Cleartext-Password: "381469"
Received Access-Accept Id 177 from 127.0.0.1:1812 to 0.0.0.0:0 length 63
    Reply-Message: "Authentication success"
    Gandalf-Phone-Number-1: "123 456 789"

The Gandalf-Phone-Number-1 RADIUS attribute appears at the end of the Access-Accept, carrying the value of the mobile LDAP attribute.

2. Sending a Value To All Members of a Group

We select the group in WebADM:

We click on Activate Now! and Proceed:

We click on Extend Object:

We click on WebADM settings: None [CONFIGURE]:

We select OpenOTP and scroll down to RADIUS Options, we check the box and click on Edit:

We select an attribute from a dictionary. First we check that the ASA-Group-Policy attribute is present in the Radius Bridge dictionaries:

[root@localhost ~]# grep -r "ASA-Group-Policy" /opt/radiusd/lib/dictionaries/
/opt/radiusd/lib/dictionaries/dictionary.cisco.asa:ATTRIBUTE	ASA-Group-Policy			25	string

We add the attribute name and a value:

We apply twice and we try with radtest:

[root@localhost ~]# /opt/radiusd/bin/radtest john
Enter password: ******
(0) -: Expected Access-Accept got Access-Challenge
Result: Challenge
Session: 705179694d59693771534a6b536e4f65
Enter your TOKEN password: 090807
Result: Success
Sent Access-Request Id 32 from 0.0.0.0:57454 to 127.0.0.1:1812 length 71
    User-Name: "john"
    User-Password: "090807"
    State: 0x705179694d59693771534a6b536e4f65
    NAS-Identifier: "RadTest"
    Cleartext-Password: "090807"
Received Access-Accept Id 32 from 127.0.0.1:1812 to 0.0.0.0:0 length 55
    Reply-Message: "Authentication success"
    ASA-Group-Policy: "vpn"

The ASA-Group-Policy RADIUS attribute appears at the end of the Access-Accept with the value vpn.
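
The final check in both sections, confirming that the reply attribute is present in the Access-Accept, can be scripted. The following is an added example, not part of the original how-to or of the RCDevs tooling: reply_attr and check_reply are hypothetical helper names, the transcript is a constructed sample modelled on the radtest output above, and the script assumes radtest prints one attribute per line under each packet header.

```shell
#!/bin/sh
# Constructed sample, modelled on the radtest output format shown above.
SAMPLE_OUTPUT='Result: Success
Sent Access-Request Id 32 from 0.0.0.0:57454 to 127.0.0.1:1812 length 71
    User-Name: "john"
    NAS-Identifier: "RadTest"
Received Access-Accept Id 32 from 127.0.0.1:1812 to 0.0.0.0:0 length 55
    Reply-Message: "Authentication success"
    ASA-Group-Policy: "vpn"'

# reply_attr NAME (hypothetical helper): read radtest output on stdin and
# print the value of NAME only when it sits inside a "Received Access-Accept"
# packet. Attributes echoed in the Sent request are ignored.
# Exit status is 1 when the accept does not carry the attribute.
reply_attr() {
    awk -v name="$1" '
        /^(Sent|Received) / {
            in_accept = ($1 == "Received" && $2 == "Access-Accept")
            next
        }
        in_accept {
            line = $0
            sub(/^[ \t]+/, "", line)
            prefix = name ": "
            if (index(line, prefix) == 1) {
                val = substr(line, length(prefix) + 1)
                gsub(/^"|"$/, "", val)
                print val
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_reply NAME EXPECTED (hypothetical helper): succeed only when the
# Access-Accept carries NAME with exactly the EXPECTED value.
check_reply() {
    got=$(reply_attr "$1") || { echo "FAIL: $1 missing from Access-Accept" >&2; return 1; }
    [ "$got" = "$2" ] || { echo "FAIL: $1 is '$got', expected '$2'" >&2; return 1; }
    echo "OK: $1 = $got"
}

# Usage against the sample; on a live system pipe the captured radtest output in.
printf '%s\n' "$SAMPLE_OUTPUT" | check_reply ASA-Group-Policy vpn
```

Because the value of an attribute such as ASA-Group-Policy decides which policy the NAS applies, comparing against the exact expected value catches a misconfigured group setting that a visual scan of the output could miss.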