Authentication Script + Radius + Groups

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).

Moderators: TinCanTech

nsumner
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 03, 2012 12:08 pm

Post by nsumner » Thu May 03, 2012 12:56 pm

A vendor of mine provided the following script which works... But... I have created on my NPS server to send back a Vendor-Specific attribute. Specifically the Vendor is "RADIUS Standard" and the attribute number is 42. It should return the value of IT, COMPANY or CONTRACTOR. These exactly match the names of the groups I have defined in OpenVPN. I then want the script to assign the correct group to the user. In addition, should they be IT, I also want to make them an administrator for OpenVPN. Here is the script I currently have.

#openvpn post_auth script for improved authlite compatibility
import json
from pyovpn.plugin import *


def post_auth(authcred, attributes, authret, info):

    # Don't do challenge/response on sessions or autologin clients.
    # autologin client: a client that has been issued a special
    #   certificate allowing authentication with only a certificate
    #   (used for unattended clients such as servers).
    # session: a client that has already authenticated and received
    #   a session token. The client is attempting to authenticate
    #   again using the session token.
    if info.get('auth_method') in ('session', 'autologin'):
        return authret

    if 1 in info['radius_reply']:
        ul = info['radius_reply'][1]
        us = ''.join(ul)
        #u = us
        u = us.split("\\")[-1]
        #print "returned username value", info['radius_reply'][1], "stripped to", u
        authret['user'] = u

    return authret

How do I get the correct piece of information out of the Radius Reply now? Anybody know how I would make the changes needed at least for the Conn_Group...
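Added example, not part of the original post or the vendor's script: one way to read attribute 42 from `info['radius_reply']` and map it to a group through an allowlist, so that a missing, duplicated or unexpected value never grants a group or admin rights. The `proplist`, `conn_group` and `prop_superuser` keys and the 'true'/'false' string values are assumed Access Server post_auth conventions; the attribute is assumed to arrive as a list of strings, like attribute 1 in the script above.

```python
# Added example: map RADIUS reply attribute 42 to an OpenVPN group, failing closed.
GROUP_ATTR = 42                                   # attribute number named in the post
ALLOWED_GROUPS = ("IT", "COMPANY", "CONTRACTOR")  # group names named in the post
ADMIN_GROUP = "IT"                                # only this group becomes administrator


def group_from_reply(radius_reply):
    """Return the allowlisted group carried in attribute 42, or None."""
    values = radius_reply.get(GROUP_ATTR) or []
    if isinstance(values, (str, bytes)):
        values = [values]
    # Assumption: values are str (or bytes), as attribute 1 is in the post's script.
    decoded = [v.decode("utf-8", "replace") if isinstance(v, bytes) else str(v)
               for v in values]
    candidates = {v.strip() for v in decoded if v.strip()}
    # Require exactly one distinct value; two different groups is ambiguous.
    if len(candidates) != 1:
        return None
    group = candidates.pop()
    # Exact, case-sensitive match against known groups only.
    return group if group in ALLOWED_GROUPS else None


def post_auth(authcred, attributes, authret, info):
    # Same early exit as the script in the post.
    if info.get('auth_method') in ('session', 'autologin'):
        return authret
    props = authret.setdefault('proplist', {})   # assumed per-session property dict
    group = group_from_reply(info.get('radius_reply') or {})
    if group is not None:
        props['conn_group'] = group              # assumed group-assignment key
    # Admin is granted only on a positive match, and cleared in every other case.
    props['prop_superuser'] = 'true' if group == ADMIN_GROUP else 'false'
    return authret


if __name__ == "__main__":
    # Constructed sample reply, not captured from a real NPS server.
    sample = {'auth_method': 'radius', 'radius_reply': {1: ["DOM\\alice"], 42: ["IT"]}}
    print(post_auth({}, {}, {'user': 'alice'}, sample))
```

In a deployed script the username handling from the post would be merged into the same `post_auth` function, since the server calls only one.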
