Check Active Directory Group Membership for TunnelGroupName

I am currently using the Virtual Machine version of multiOTP that has been upgraded. Current configuration below:

multiOTP 5.9.9.1 2025-01-20 Web service is ready 2025-04-21 21:15:11, nginx/1.22.1, PHP/8.2.28

Is there any way to use a script within FreeRADIUS to check the Group Membership that multiOTP has in the database/files? Such as this script below:

    elsif (ASA-TunnelGroupName == "Tech_CCS_AnyConnect" && LDAP-Group == "CCS_TECHS") {
        reject
    }

I am currently using this with LDAP on another FreeRADIUS server without multiOTP.

Or is there another place I can make sure that the ASA-TunnelGroupName matches with the AD Group membership such as the multiotp.php or the multiotp.pl?

Thanks for help.

Comments

  • Hello John, The group membership is defined by default in multiOTP in the reply as the "Filter-Id" attribute. You should be able to use the "Filter-Id" attribute value, but this should be used after calling the multiOTP Perl script, like in the post-auth section. Keep us in touch if it worked as expected. Regards
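
One way to write the check the comment above describes, as an added FreeRADIUS 3.x unlang example that is not part of the thread or of multiOTP's own configuration. It assumes the multiOTP script has already run earlier in the same virtual server and placed the user's group in the reply as Filter-Id, and that the intended policy is "only CCS_TECHS members may use the Tech_CCS_AnyConnect tunnel group"; the fail-closed branches are an assumed policy choice.

```unlang
# Added example for the virtual server that calls multiOTP (FreeRADIUS 3.x syntax).
# Assumption: the multiOTP script ran in authorize/authenticate and returned
# the user's group in the reply list as Filter-Id.
post-auth {
    # Tunnel group and AD group names are the ones used in the question.
    if (&request:ASA-TunnelGroupName == "Tech_CCS_AnyConnect") {
        # Fail closed: a missing Filter-Id is treated the same as a wrong group.
        # Without an index, this compares the first Filter-Id in the reply.
        if (!&reply:Filter-Id || (&reply:Filter-Id != "CCS_TECHS")) {
            reject
        }
    }
    else {
        # Assumed policy: tunnel groups without an explicit mapping are refused.
        # Remove this branch if other NAS clients share this virtual server.
        reject
    }
}
```

Running the server with `radiusd -X` during a test login shows which attributes are actually present in the request and reply when this section is evaluated.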