Fails to return user groups mapped over radius response

Hello,

I'm unable to get details such as the group name a user is mapped to over the RADIUS response, as I've used custom filter IDs and regexps. I can find it in the logs, but it isn't displayed in the RADIUS response. Please find the details below so that I might find some help. Thanks!

[Attribute Fortinet-Group-Name]
dir = user
userAttribute = Fortinet-Group-Name
regex = CN=Test_Movie_(.*),OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local
val = Test_Movie_Tracker
prefix = Test_Movie_

[Attribute Fortinet-Group-two]
dir = user
userAttribute = Fortinet-Group-two
regex = CN=MFA_GROUP_(.*),OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local
val = MFA_GROUP_Two
prefix = MFA_GROUP_


http --verify no POST https://localhost/validate/check user=mfa.1 pass=Act12345846053

{
  "detail": {
    "message": "matching 1 tokens",
    "otplen": 6,
    "serial": "TOTP0024B155",
    "threadid": 140576766564096,
    "type": "totp",
    "user": {
      "Fortinet-Group-two": [
        "CN=MFA_GROUP_Two,OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local"
      ],
      "email": "",
      "givenname": "mfa",
      "mobile": "",
      "password": "",
      "phone": "",
      "surname": "",
      "username": "mfa.1"
    }
  },
  "id": 2,
  "jsonrpc": "2.0",
  "result": {
    "authentication": "ACCEPT",
    "status": true,
    "value": true
  },
  "signature": "rsa_sha256_pss: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",
  "time": 1683178390.8726726,
  "version": "privacyIDEA 3.8",
  "versionnumber": "3.8"
}

echo 'User-Name=mfa.1 , User-Password=Act12345731232' | radclient -xs 127.0.0.1 auth 2wCEAAkGBxAPDw8PDw8PDxA
Sent Access-Request Id 98 from 0.0.0.0:60613 to 127.0.0.1:1812 length 45
User-Name = "mfa.1"
User-Password = "Act12345731232"
Cleartext-Password = "Act12345731232"
Received Access-Accept Id 98 from 127.0.0.1:1812 to 127.0.0.1:60613 length 48
Reply-Message = "privacyIDEA access granted"
Packet summary:
Accepted : 1
Rejected : 0
Lost : 0
Passed filter : 1
Failed filter : 0


Thu May 4 11:09:22 2023 : Info: rlm_perl: user sent to privacyidea: mfa.1
Thu May 4 11:09:22 2023 : Info: rlm_perl: realm sent to privacyidea:
Thu May 4 11:09:22 2023 : Info: rlm_perl: resolver sent to privacyidea:
Thu May 4 11:09:22 2023 : Info: rlm_perl: client sent to privacyidea: 127.0.0.1
Thu May 4 11:09:22 2023 : Info: rlm_perl: state sent to privacyidea:
Thu May 4 11:09:22 2023 : Info: rlm_perl: urlparam client
Thu May 4 11:09:22 2023 : Info: rlm_perl: urlparam user
Thu May 4 11:09:22 2023 : Info: rlm_perl: urlparam pass
Thu May 4 11:09:22 2023 : Info: rlm_perl: Request timeout: 10
Thu May 4 11:09:22 2023 : Info: rlm_perl: Not verifying SSL certificate!
Thu May 4 11:09:23 2023 : Info: rlm_perl: elapsed time for privacyidea call: 0.766473
Thu May 4 11:09:23 2023 : Info: rlm_perl: privacyIDEA access granted for mfa.1 realm=''
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++ Parsing group: Attribute
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++ Found member 'Attribute otherAttribute'
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++ Attribute: IF ''->'' == '' THEN 'otherAttribute'
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++ no directory
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++++ User attribute is a string:
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++++ trying to match
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++++ Result: No match, no RADIUS attribute otherAttribute added.
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++ Found member 'Attribute Class'
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++ Attribute: IF ''->'' == '' THEN 'Class'
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++ no directory
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++++ User attribute is a string:
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++++ trying to match
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++++ Result: No match, no RADIUS attribute Class added.
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++ Found member 'Attribute Fortinet-Group-Name'
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++ Attribute: IF 'user'->'Fortinet-Group-Name' == 'CN=HYD_Movie_(.*),OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local' THEN 'Fortinet-Group-Name'
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++ searching in directory user
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++++ User attribute is a string:
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++++ trying to match
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++++ Result: No match, no RADIUS attribute Fortinet-Group-Name added.
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++ Found member 'Attribute Fortinet-Group-two'
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++ Attribute: IF 'user'->'Fortinet-Group-two' == 'CN=MFA_GROUP_(.*),OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local' THEN 'Fortinet-Group-two'
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++ searching in directory user
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++++ User attribute is a list: ARRAY(0x7f2c40079518)
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++++ trying to match CN=MFA_GROUP_Two,OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++++++ Result: Add RADIUS attribute Fortinet-Group-two = MFA_GROUP_Two
Thu May 4 11:09:23 2023 : Info: rlm_perl: ++++ Parsing group: Mapping
Thu May 4 11:09:23 2023 : Info: rlm_perl: +++++ Found member 'Mapping user'

Looks good to me. At least the regex finds a match.

So the problem probably is a bit further behind in the logs.

While I am running freeradius in -X debug mode I am getting the error below:
rlm_perl: return RLM_MODULE_OK
(0) perl-privacyidea: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'Act12345908297'
(0) perl-privacyidea: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'mfa.1'
(0) perl-privacyidea: &request:Packet-Src-IP-Address = $RAD_REQUEST{'Packet-Src-IP-Address'} -> '127.0.0.1'
(0) perl-privacyidea: &reply:Reply-Message = $RAD_REPLY{'Reply-Message'} -> 'privacyIDEA access granted'
(0) perl-privacyidea: ERROR: Failed to create pair - Unknown attribute "Fortinet-Group-two"
(0) perl-privacyidea: ERROR: &reply:Fortinet-Group-two += $RAD_REPLY{'Fortinet-Group-two'} -> 'MFA_GROUP_Two'

After adding the line below, I am now getting the group name in the RADIUS response for multiple filters:
radiusAttribute = Fortinet-Group-two
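The following is an added illustration, not code from the thread or from the privacyIDEA FreeRADIUS plugin: it replays the mapping step the rlm_perl log shows (match the user attribute from the /validate/check response against the section's regex, prepend the prefix to the captured group) and adds the pre-flight check a practitioner would want before the reply is built, namely that every target reply attribute is defined in the server's RADIUS dictionary, since an undefined name is what produces "Failed to create pair - Unknown attribute" in the debug output. The config loader, the semantics of `radiusAttribute` (assumed here to name the reply attribute, defaulting to the section name), the use of `re.search`, and the dictionary excerpt are all assumptions; the dictionary excerpt is constructed and deliberately omits Fortinet-Group-two so the error case is reproduced offline.

```python
import re
from typing import Dict, List, Set

# Constructed excerpt of "detail.user" from the /validate/check response in the thread.
SAMPLE_USER = {
    "Fortinet-Group-two": [
        "CN=MFA_GROUP_Two,OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local"
    ],
    "email": "",
    "username": "mfa.1",
}

# The two [Attribute ...] sections from the thread, as a hypothetical loader would return them.
ATTRIBUTE_SECTIONS = {
    "Fortinet-Group-Name": {
        "dir": "user",
        "userAttribute": "Fortinet-Group-Name",
        "regex": r"CN=Test_Movie_(.*),OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local",
        "prefix": "Test_Movie_",
    },
    "Fortinet-Group-two": {
        "dir": "user",
        "userAttribute": "Fortinet-Group-two",
        "regex": r"CN=MFA_GROUP_(.*),OU=Org IT,OU=TEST, OU=TESTCORP,DC=testcorp,DC=local",
        "prefix": "MFA_GROUP_",
    },
}

# Constructed FreeRADIUS-style dictionary excerpt (format only); Fortinet-Group-two is absent on purpose.
DICTIONARY_TEXT = """\
VENDOR        Fortinet                    12356
BEGIN-VENDOR  Fortinet
ATTRIBUTE     Fortinet-Group-Name         1   string
ATTRIBUTE     Fortinet-Client-IP-Address  2   ipaddr
END-VENDOR    Fortinet
"""


def known_attributes(dictionary_text: str) -> Set[str]:
    """Collect attribute names from ATTRIBUTE lines of a dictionary file."""
    names: Set[str] = set()
    for line in dictionary_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "ATTRIBUTE":
            names.add(parts[1])
    return names


def map_user_attributes(user: dict, sections: dict) -> Dict[str, List[str]]:
    """Apply each [Attribute ...] section to the user's attributes.

    A string attribute is treated as a one-element list (the log shows both forms).
    The captured group is prefixed with "prefix"; the target reply attribute is
    "radiusAttribute" if present, otherwise the section name (assumption).
    """
    reply: Dict[str, List[str]] = {}
    for section_name, sec in sections.items():
        if sec.get("dir") != "user":
            continue
        raw = user.get(sec["userAttribute"])
        if raw is None:
            continue
        values = raw if isinstance(raw, list) else [raw]
        pattern = re.compile(sec["regex"])
        target = sec.get("radiusAttribute", section_name)
        for value in values:
            match = pattern.search(value)
            if match is None:
                continue
            captured = match.group(1) if match.groups() else match.group(0)
            reply.setdefault(target, []).append(sec.get("prefix", "") + captured)
    return reply


def undefined_reply_attributes(reply: Dict[str, List[str]], known: Set[str]) -> List[str]:
    """Names the server could not turn into a reply pair because no dictionary defines them."""
    return sorted(name for name in reply if name not in known)


if __name__ == "__main__":
    mapped = map_user_attributes(SAMPLE_USER, ATTRIBUTE_SECTIONS)
    print("mapped reply attributes:", mapped)
    for name in undefined_reply_attributes(mapped, known_attributes(DICTIONARY_TEXT)):
        print(f"would fail: Unknown attribute {name!r} (not in dictionary)")
```

Run it as-is and the mapping yields Fortinet-Group-two = MFA_GROUP_Two, exactly as the rlm_perl log reports, while the dictionary check flags that name as undefined; add an ATTRIBUTE line for it to the excerpt and the warning disappears, which is the same dependency the debug trace exposes between the mapping configuration and the dictionary the server loaded.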
