Two routers using the same Radius server?

Lewis Bergman lbergman at wtxs.net
Wed Dec 14 04:18:51 CET 2005


Mark Tunnell wrote:
> Nice!  That gets me almost all the way there.  I'm able to
> authenticate using Auth-Type := Local.  Now I just need to figure out
> how to authenticate that type of user name (user at realm) using
> Auth-Type := System.  Any ideas how to go about that?

>>Mark Tunnell wrote:
>>
>>
>>>Suppose I have two Cisco routers both configured to authenticate to
>>>the same radius server.  How do I allow a particular user access to
>>>one router but not the other?  Is there a place in the clients.conf or
>>>users file to configure this?
>>>
>>
>>Oh yea, Alan gave me a trick with the hints file that adds a realm to a
>>client if one is not present that could also help.
>>DEFAULT User-Name !~ ".*@", NAS-IP-Address == "ip of client"
>>        User-Name := "%{User-name}@realmtoadd.com"

Well, take a look at the docs and there is an explanation of the 
variables you can play with. I don't know what adding an @ in the 
username would do to a Linux password file but my guess would be nothing 
spectacular. Running radiusd -X will give you what the Cisco is passing 
and you can use that to decide what check attribute to manipulate.

-- 
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax  325-695-6841
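
The hints trick quoted above, modelled in Python as an added example (not code from the thread or from FreeRADIUS): it appends a per-router realm when the user name has none, and shows why the per-realm entry should also check NAS-IP-Address, since a name that already carries a realm passes through the rule unchanged. The addresses, realm names, allow list and function names are constructed for illustration.

```python
import re

# Constructed sample values (not from the thread): two NAS addresses and the
# realm the hints rule would append for each one.
NAS_REALM = {"192.0.2.1": "router-a.example", "192.0.2.2": "router-b.example"}

# Hypothetical per-router allow list, standing in for entries in the users file.
ALLOWED = {"router-a.example": {"alice", "bob"}, "router-b.example": {"alice"}}

HAS_REALM = re.compile(r".*@")  # same pattern the hints rule tests with !~


def apply_hints(user_name, nas_ip):
    """Model of the hints rule: append the NAS's realm only if no '@' is present."""
    if not HAS_REALM.match(user_name) and nas_ip in NAS_REALM:
        return f"{user_name}@{NAS_REALM[nas_ip]}"
    return user_name  # a realm typed by the user passes through unchanged


def authorize(user_name, nas_ip, bind_realm_to_nas=True):
    """Return True if the (rewritten) user may log in to the router at nas_ip."""
    name = apply_hints(user_name, nas_ip)
    user, _, realm = name.partition("@")
    # Pairing the realm with the requesting NAS is the check that keeps the
    # decision tied to the router, not to whatever realm arrived in the name.
    if bind_realm_to_nas and realm != NAS_REALM.get(nas_ip):
        return False
    return user in ALLOWED.get(realm, set())


if __name__ == "__main__":
    for who, nas in [("bob", "192.0.2.1"), ("bob", "192.0.2.2"),
                     ("bob@router-a.example", "192.0.2.2")]:
        print(who, nas, authorize(who, nas))
```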


