By: Brian Carey user 10 Jul 2020 at 2:58 p.m. CDT

2 Responses
Brian Carey gravatar
Dear Support, I have a Gluu server installed and generally functional. I have the built in Radius server configured and working to authenticate users. However, I was wondering if it is possible to have the Access-Accept response also return attributes, specifically **Filter-ID**, containing the Group(s) the user belongs to? Specifically, here is the current Access-Accept from the Gluu Radius server: ![](https://i.paste.pics/9f23962bcdbb9fc3b78aab6edec5294e.png) And here is one from a different Radius server that can be configured to send this additional attribute: ![](https://i.paste.pics/6cd3a4120def6d86b3c2be104993bd59.png) The reason I'm asking is we would like to use Gluu/SuperGluu to do 2FA for VPN access, however the device requires that this attribute is returned, as per the documentation: > make sure that the RADIUS server sends a Filter-Id attribute (RADIUS attribute 11) when a user successfully authenticates. This tells the VPN what group the user is a member of. Any insight would be greatly appreciated. Thanks!

By Michael Schwartz staff 10 Jul 2020 at 4:06 p.m. CDT

Michael Schwartz gravatar
The RADIUS implementation in Gluu is very simple. Another product we recommend, and that ships with a much richer RADIUS implementation is called [Radiator](https://www.open.com.au/radiator/). There is a Gluu authentication script in Radiator that uses the ROPW OAuth grant, and it works with Super Gluu.

By Brian Carey user 13 Jul 2020 at 7:47 a.m. CDT

Brian Carey gravatar
Thanks for the quick response Michael! I'll have a look at Radiator and see if that will work for us.