Users

Importing users

GreenRADIUS imports users from different LDAP servers:

  1. Active Directory
  2. OpenLDAP (there is also an onboard OpenLDAP which can be used as the user store)
  3. 389 DS
  4. FreeIPA

The LDAP server must remain reachable for GreenRADIUS to work, as authentication requests to GreenRADIUS involve a subsidiary request to the LDAP server.

LDAP configuration is found under the Directory Server tab.

LDAP configuration

Set the IP address/hostname/FQDN to point to a running LDAP server. The credentials must have the correct permission(s) to allow GreenRADIUS to log into the LDAP server and fetch (read) the user list.

Complete the additional fields to import users from your Active Directory or OpenLDAP. Note the following:

  • For the "Login Name Identifier"
    • For Active Directory, sAMAccountName is common, but other identifiers can also be used
    • For OpenLDAP, use uid
  • For the "Filter" field, consider importing users from a specific security group. An example filter string would be:
      (&(objectClass=person)(memberOf=CN=test_group,OU=Technology,DC=domain,DC=local))
    Otherwise, to import all users, the filter string should be:
      (&(objectCategory=person)(objectClass=user))
  • The "Set Frequency" drop-down menu sets how often GreenRADIUS will import/update users from your directory server

Next, click "Save and Import" to import the users into the selected domain.
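
As an added example (not GreenRADIUS code), the Python sketch below builds the group filter for the "Filter" field with RFC 4515 escaping of the group DN and previews, against constructed directory entries, which accounts each of the filters above would select. The entry names, the `VPN (Prod)` group and the simplified equality matching are assumptions for illustration; a real directory server applies its own matching rules.

```python
import re

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
ALL_USERS_FILTER = "(&(objectCategory=person)(objectClass=user))"  # from the page

def escape_filter_value(value):
    """Escape a string (here a group DN) for use as a filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def group_import_filter(group_dn):
    """Build the page's group filter for direct members of group_dn."""
    return f"(&(objectClass=person)(memberOf={escape_filter_value(group_dn)}))"

def parse_and_filter(ldap_filter):
    """Parse the '(&(attr=value)...)' form used on this page into (attr, value) pairs."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()]*\))+)\)", ldap_filter)
    if not m:
        raise ValueError(f"malformed or unsupported filter: {ldap_filter!r}")
    unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), s)
    return [(a.lower(), unhex(v).lower())
            for a, v in re.findall(r"\(([^()=]+)=([^()]*)\)", m.group(1))]

def would_import(entry, ldap_filter):
    """True if a directory entry satisfies every equality test (simplified matching)."""
    attrs = {k.lower(): [v.lower() for v in vals] for k, vals in entry.items()}
    return all(v in attrs.get(a, []) for a, v in parse_and_filter(ldap_filter))

# Constructed sample entries, not real directory data. objectCategory is shown by
# its short name, as Active Directory accepts it in filters.
BASE = "OU=Technology,DC=domain,DC=local"
ENTRIES = {
    "alice": {"objectClass": ["person", "user"], "objectCategory": ["person"],
              "memberOf": [f"CN=test_group,{BASE}"]},
    "bob": {"objectClass": ["person", "user"], "objectCategory": ["person"],
            "memberOf": [f"CN=VPN (Prod),{BASE}"]},
    "PC01$": {"objectClass": ["person", "user", "computer"],
              "objectCategory": ["computer"], "memberOf": []},
}

def imported(ldap_filter):
    """Names of the sample entries the filter would select, sorted."""
    return sorted(n for n, e in ENTRIES.items() if would_import(e, ldap_filter))

if __name__ == "__main__":
    print(imported(group_import_filter(f"CN=test_group,{BASE}")))
    print(imported(ALL_USERS_FILTER))
    print(imported(group_import_filter(f"CN=VPN (Prod),{BASE}")))
```

In this sample the computer account satisfies objectClass=person on its own and is only excluded by objectCategory=person, and the group whose name contains parentheses yields a parseable filter only after escaping.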

The Users Tab

When a domain has been selected, the Users/Groups tab displays a list of users:

Users tab

From here you can perform administrative actions at the user level. These are covered in more detail in subsequent sections.

Groups

Group membership can be configured to be returned in the RADIUS response for each login attempt.

  1. Navigate to the Configuration tab of the domain
  2. Set "Return User's Group Membership In RADIUS Response" to "Yes"
  3. Use the default "Response Format" unless the RADIUS clients require any specific text to be returned
  4. Set "Group Return Information" to "Only Group Name"
  5. Set "Return All Groups" as desired
  6. Click the Update button to save the settings

Group Membership Configuration

  1. Navigate to the Groups tab.
  • A group setting of "0" means the group is not prioritized
  • A group setting of "1" is the highest priority
  • A group setting of "2" is the next highest priority, and so on

Group Membership Prioritization

  1. The group(s) with the highest priority to which the user belongs will be returned in the RADIUS response. This can be tested in the RADIUS Test of the Troubleshoot tab

Group Membership Troubleshoot Test


Updated 2023-03-03
© 2024 Green Rocket Security Inc. All rights reserved.