Deployed privacyIDEA on Ubuntu 18.04 LTS server in my lab environment. Integrated with AD for user authentication. Trying to pass AD Group membership in the RADIUS Filter-Id attribute, I get (from Wireshark):
Attribute Value Pairs
AVP: t=Vendor-Specific(26) l=20 vnd=NetKnights GmbH(44929)
AVP: t=Filter-Id(11) l=23 val=ARRAY(0x7f67e83b9310)
AVP: t=Reply-Message(18) l=28 val=privacyIDEA access granted
AVP: t=Proxy-State(33) l=5 val=323130
The JSON returned by the API Call is:
{
    "detail": {
        "message": "matching 1 tokens",
        "otplen": 6,
        "serial": "OATH0001CD7B",
        "threadid": 139707855726336,
        "type": "hotp",
        "user": {
            "email": "george.lucas@arubalab.uk",
            "givenname": "George",
            "groups": [
                "CN=Star Wars,CN=Users,DC=arubalab,DC=uk",
                "CN=Executive,CN=Users,DC=arubalab,DC=uk",
                "CN=Remote Desktop Users,CN=Builtin,DC=arubalab,DC=uk"
            ],
            "mobile": "",
            "password": "",
            "phone": "",
            "surname": "Lucas",
            "username": "george"
        }
    },
    "id": 1,
    "jsonrpc": "2.0",
    "result": {
        "status": true,
        "value": true
    },
My rlm_perl.ini file contains:
[Mapping]
serial = privacyIDEA-Serial
[Mapping user]
groups = Filter-Id
Any thoughts as to what I am doing wrong?
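
An added illustration, not part of the original post and not privacyIDEA's plugin code: the Filter-Id value in the capture has the form Perl gives an array reference used as a string, and `groups` in the JSON above is an array. The sketch below reproduces that with a trimmed, constructed copy of the response; the `%mapping` table and both `map_*` functions are hypothetical names used only here.

```perl
#!/usr/bin/perl
# Added example; hypothetical helper names, not the rlm_perl plugin itself.
use strict;
use warnings;
use JSON::PP;    # core module, provides decode_json

# Constructed sample: trimmed copy of the API response shown in the post.
my $json = <<'JSON';
{"detail": {"serial": "OATH0001CD7B",
            "user": {"username": "george",
                     "groups": ["CN=Star Wars,CN=Users,DC=arubalab,DC=uk",
                                "CN=Executive,CN=Users,DC=arubalab,DC=uk"]}}}
JSON

my $user = decode_json($json)->{detail}{user};

# Hypothetical table mirroring the "[Mapping user]" section: groups = Filter-Id
my %mapping = (groups => 'Filter-Id');

# Naive mapping: every value is treated as a scalar string. A JSON array
# decodes to an array reference, which stringifies to "ARRAY(0x...)".
sub map_naive {
    my ($user, $mapping) = @_;
    my %reply;
    for my $key (grep { exists $user->{$_} } keys %$mapping) {
        $reply{ $mapping->{$key} } = "$user->{$key}";
    }
    return \%reply;
}

# List-aware mapping: check for an array reference and keep one value per
# element, so each group can become its own attribute value.
sub map_list_aware {
    my ($user, $mapping) = @_;
    my %reply;
    for my $key (grep { exists $user->{$_} } keys %$mapping) {
        my $value  = $user->{$key};
        my @values = ref($value) eq 'ARRAY' ? @$value : ($value);
        $reply{ $mapping->{$key} } = \@values;
    }
    return \%reply;
}

print "naive:      $_\n" for values %{ map_naive($user, \%mapping) };
print "list-aware: $_\n" for @{ map_list_aware($user, \%mapping)->{'Filter-Id'} };
```

The naive line prints a single `ARRAY(0x...)` string of the same shape as the captured AVP, while the list-aware lines print one group DN each.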