Thank you for sharing; that is greatly appreciated.

Hi,

Thanks for the info.

I have gonethrough th elink shared and understood that we can use ADS groups can be used by MS-NPS Radius server however i would like to know, in SA role mapping rule on what what basis you are doing the rolemapping, is it using the user attribute type or username based because, your actual requirement is you wanted group looking using microsoft radius server as authentication/authorization server.

Regards,

Kannan

Hi Kannan,

I guess you are talking about the other thread:

https://forums.pulsesecure.net/topic/pulse-connect-secure/135441-role-mapping-based-on-active-direct...

Yes you are right, Radius Authentication is based on AD Group but once this method is used, so far I couldn't find a way to map roles based on AD Groups.

Apparently this is possible only with LDAP or AD Authentication. At Present, since we have few users, we are doing it by username. We intend to Implement RSA token Server later in May and maybe then we switch to AD or LDAP Authentication. Untill then I will be looking for a solution to the problem posted in the above thread.

Kind Regards

Khan

correct, AD group membership cannot be used through radius.