GreenRADIUS imports users from different LDAP servers:
- Active Directory
- OpenLDAP (there is also an onboard OpenLDAP which can be used as the user store)
- 389 DS
The LDAP server must remain reachable for GreenRADIUS to work, as authentication requests to GreenRADIUS involve a subsidiary request to the LDAP server.
LDAP configuration is found under the Directory Server tab.
Set the IP address/hostname/FQDN to point to a running LDAP server. The credentials must have the correct permission(s) to allow GreenRADIUS to log into the LDAP server and fetch (read) the user list.
Complete the additional fields to import users from your Active Directory or OpenLDAP. Note the following:
- For the "Login Name Identifier":
  - For Active Directory, sAMAccountName is common, but other identifiers can also be used
  - For OpenLDAP, use
- For the "Filter" field, consider importing users from a specific security group. An example filter string would be:
  (&(objectClass=person)(memberOf=CN=test_group,OU=Technology,DC=domain,DC=local))
  Otherwise, to import all users, the filter string should be:
- The "Set Frequency" drop-down menu sets the scheduled frequency at which GreenRADIUS will import/update users from your directory server
Next, click "Save and Import" to import the users into the selected domain.
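One way to build the security-group "Filter" string so that special characters in a group DN cannot change its structure, shown as an added example (not GreenRADIUS code). It applies standard LDAP filter escaping (RFC 4515) to the DN; the function names and every DN other than the test_group one above are constructed for illustration.

```python
# Added example: build the "Filter" string for a security-group import.

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it cannot alter the filter's structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_import_filter(group_dn: str, object_class: str = "person") -> str:
    """Return (&(objectClass=<class>)(memberOf=<escaped group DN>))."""
    return "(&(objectClass={})(memberOf={}))".format(
        escape_filter_value(object_class), escape_filter_value(group_dn)
    )


def is_well_formed(filter_text: str) -> bool:
    """Pre-save check: one outer pair of parentheses, all of them balanced."""
    if not (filter_text.startswith("(") and filter_text.endswith(")")):
        return False
    depth = 0
    for pos, ch in enumerate(filter_text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Depth 0 before the last character means text sits outside
            # the outer pair, e.g. "(a=b)(c=d)".
            if depth < 0 or (depth == 0 and pos != len(filter_text) - 1):
                return False
    return depth == 0


if __name__ == "__main__":
    for dn in (  # constructed sample DNs
        "CN=test_group,OU=Technology,DC=domain,DC=local",
        "CN=VPN Users (Contractors),OU=Technology,DC=domain,DC=local",
    ):
        print(group_import_filter(dn))
```

The balance check catches a truncated or doubled paste before it is saved; it does not replace escaping, because an unescaped group name containing a matched pair of parentheses still balances.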
When a domain has been selected, the Users/Groups tab displays a list of users:
From here you can perform administrative actions at the user level. These are covered in more detail in subsequent sections.
Group membership can be configured to be returned in the RADIUS response for each login attempt.
- Navigate to the Configuration tab of the domain
- Set "Return User's Group Membership In RADIUS Response" to "Yes"
- Use the default "Response Format" unless the RADIUS clients require any specific text to be returned
- Set "Group Return Information" to "Only Group Name"
- Set "Return All Groups" as desired
- Click the Update button to save the settings
- Navigate to the Groups tab.
- A group setting of "0" means the group is not prioritized
- A group setting of "1" is the highest priority
- A group setting of "2" is the next highest priority, and so on
- The group(s) with the highest priority to which the user belongs will be returned in the RADIUS response. This can be tested in the RADIUS Test of the Troubleshoot tab
© 2023 Green Rocket Security Inc. All rights reserved.