Page 1 of 1

Using RADIUS with Group, Permissions and IP Assignment

Posted: Tue Mar 17, 2020 5:18 pm
by gary.steers@gtt.net
All,

I had previously used a similar guide to below to get RADIUS with Groups support working:
https://openvpn.net/vpn-server-resource ... post_auth/

The previous one had an AD.py instead of the python attached, however as of 2.75 (and as far forward as 2.8.2) this is no longer working

I have updated the script and it is now working, an updated version can be found on my github:
https://github.com/garysteers/openvpn-a ... mapping.py

Hopw this helps a few people out...

Re: Using RADIUS with Group, Permissions and IP Assignment

Posted: Tue Mar 17, 2020 7:22 pm
by Logicwrath
I have RADIUS authentication enabled and it seems to work. I used the same article you posted to set this up.

When I ./authcli as as admin user I can authenticate but it does not allow the user to logon to the Admin web interface.

API METHOD: authenticate
AUTH_RETURN
status : SUCCEED
session_id : AS_gZ6G3aeNj1UWJSGV/2aFzw==
reason : RADIUS MS-CHAP2 access accepted
expire : 1584475314
user : removed
proplist : {'prop_deny': 'false', 'conn_group': 'Admins', 'prop_force_lzo': 'false', 'prop_autogenerate': 'true'}

I get:
You are not authorized to use the Admin UI
You do not have Administrative permission

I have a group called Admins on the access server, and this group has the Admin checkbox selected.

I have tried the python script in the article and your github version. Both seem to authenticate to Radius. Neither will allow an admin to logon.

Additionally, there are no persistent user records being created on the server. The admin/user_permissions page only shows the one default administrator user and none of the RADIUS authenticated users. This is on version 2.7.5 and 2.8.2. Is this related to your issue?

Re: Using RADIUS with Group, Permissions and IP Assignment

Posted: Thu Mar 19, 2020 5:17 pm
by atec
Same issue here.