Connect-Info in

Hi, I have searched the forum and cannot find the information I need.
I have a new setup of privacyIDEA on Ubuntu 18.04 LTS and so far everything is working properly.
Now I'd like to read the information from the field Connect-Info and map it to an attribute called Fortinet-Group-Name.

The reason behind this is that I have one user with multiple realms and I need to send this back to my firewall. One account is used for SSL VPN and the other is used as an admin for the firewall itself. If I can filter the Connect-Info and send it to the Fortinet-Group-Name, this would be very nice.

The actual output of the RADIUS debugging contains that value, but I can't map it in the rlm_perl.ini

(0) perl: &request:Connect-Info = $RAD_REQUEST{'Connect-Info'} -> 'vpn-ssl'
(0) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Virtual'
(0) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'x.yyyyyy'
(0) perl: &request:Fortinet-Vdom-Name = $RAD_REQUEST{'Fortinet-Vdom-Name'} -> 'root'
(0) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> '***************'
(0) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> 'xxxxxxxx'
(0) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'NAS'
(0) perl: &request:Acct-Session-Id = $RAD_REQUEST{'Acct-Session-Id'} -> 'xxxxxxx'
(0) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> 'xxxxxxxxxxx'
(0) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'xxxxxxxxxx'
(0) perl: &reply:Fortinet-Group-Name = $RAD_REPLY{'Fortinet-Group-Name'} -> 'aaaaa'
(0) perl: &reply:Reply-Message = $RAD_REPLY{'Reply-Message'} -> 'privacyIDEA access granted'
(0) perl: &reply:privacyIDEA-Serial = $RAD_REPLY{'privacyIDEA-Serial'} -> 'xxxxxxxxxxx'
(0) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl'
(0) [perl] = ok
(0) } # Auth-Type Perl = ok
(0) Sent Access-Accept Id 25 from xxxxxxx to xxxxxxxxx length 0
(0) Fortinet-Group-Name = "aaaaa"
(0) Reply-Message = "privacyIDEA access granted"
(0) privacyIDEA-Serial = "xxxxxxxxxx"
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 25 with timestamp +13

Thx for your help. Greetings, Christian

Hello Christian,
welcome to the privacyIDEA community.

You might want to take a look at this:


regards
Cornelius

Hi, thx, I have watched this video and it was partly a help for me. The only problem is if I adapt my rlm_perl.ini in such a way that I try to map the

radiusAttribute = Fortinet-Group-Name
usersAttribute = Connect-Info
regex = (.*)

and the problem is that the

Fortinet-Group-Name = ''

and not the value from Connect-Info like ssl-vpn or the other values.

Greetings, and thank you very much for your fast reply.

This is still poking in the dark.
You need to carefully look at the JSON response of an authentication request and at the complete rlm_perl.ini config.