Hello, yes it´s possible, but not with the "radius_request.Reply-Message" since it´s a reply not a request.
I think you need to add the radius attribute in the configuration->radius attributes (i don´t have the admin interface in front of me) then add Reply-Message. Once done, you should be able to use it in you administration rule in your radius source. Let me know if you have issue, i will dig a little bit more. Regards Fabrice Le ven. 20 août 2021 à 14:38, Павел Семенищев via PacketFence-users < [email protected]> a écrit : > Hi there > Has anyone configured RBAC for packetfence admins via external RADIUS? > > > -- > Best Regards, > Pavel > > > > Среда, 18 августа 2021, 19:46 +03:00 от Павел Семенищев via > PacketFence-users <[email protected]>: > > Hi there > > I’ve just installed ZEN-v10.3.0 > I am trying to set up web administrators authorization through an external > RADIUS server. > If I create Authentication Source -> Administration Rules > without conditions, then the administrator is authorized with the required > role > > [NasRadius rule AdminRoleNode] > action0 = set_access_level = Node Manager > status = enabled > match = any > class = administration > > But I need to assign different roles to different administrators. > How to add a condition and in which RADIUS attribute should I transfer the > role? > > I have tried adding a condition > > [NasRadius rule AdminRoleNode] > action0 = set_access_level = Node Manager > condition0 = radius_request.Reply-Message, equals, NodeManager > status = enabled > match = any > class = administration > > External RADIUS returns role in attribute > > Access-Accept (2), id: 0xa5, Authenticator: > 63540bff74a2eb318a4ba0b6b8b6c9c6 > Reply-Message Attribute (18), length: 13, Value: NodeManager > > But PF does not authorize the web administrator. > > -- > Kind regards, > Pavel Semenischev > _______________________________________________ > PacketFence-users mailing list > [email protected] > <http:///compose?To=packetfence%[email protected]> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
