Possible? Same client with separate secrets for service separation?

Alan DeKok aland at ox.org
Fri Jul 22 18:27:39 CEST 2005


"Burrill, Jim" <jim at adventistcare.org> wrote:
> Is it possible to configure a cisco Pix with separate radius
> definitions and auth against Freeradius using separate secrets so you can
> separate to specific groups?

  That would be up to the PIX.

> We've attempted it and it seems to find the
> first client on the list and ignores the second.  Any Ideas?  

  Listing two "clients" entries in FreeRADIUS won't work.  A short way
to get around it is to run two radius servers on the same machine, one
one port X (for VPN), and one on port Y (for admin access).  They can
each have different shared secrets for the PIX, and different
databases.

  As of yesterday, the current CVS head supports per-socket lists of
clients.  So you can run one server, have it listen on two ports, and
have different shared secrets for a client on each port.

  Alan DeKok.
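
Added illustration, not part of the original message and not FreeRADIUS code: a RADIUS server has to pick the shared secret from where the packet arrived before it can undo the RFC 2865 User-Password hiding, so a client list keyed only on source address can hold one usable secret per NAS, while a list keyed on (listening port, source address) can hold one per service. The address, ports, secrets and function names are constructed for the example, and the first-match lookup models the behaviour reported in the question.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as the NAS applies it."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse operation on the server; only correct with the same secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

# Constructed sample data (placeholders, not values from the thread).
PIX = "192.0.2.10"
VPN_PORT, ADMIN_PORT = 1812, 11812

# One global list: both entries share the source address, first match wins.
GLOBAL_CLIENTS = [(PIX, b"vpn-secret"), (PIX, b"admin-secret")]
# Per-socket lists: the listening port selects which list is consulted.
PER_SOCKET_CLIENTS = {VPN_PORT: {PIX: b"vpn-secret"},
                      ADMIN_PORT: {PIX: b"admin-secret"}}

def secret_global(src_ip):
    return next((s for ip, s in GLOBAL_CLIENTS if ip == src_ip), None)

def secret_per_socket(port, src_ip):
    return PER_SOCKET_CLIENTS.get(port, {}).get(src_ip)

def demo():
    """PIX sends an admin login hidden with the admin secret to ADMIN_PORT."""
    ra = bytes(range(16))  # constructed Request Authenticator
    hidden = hide_password(b"hunter2", b"admin-secret", ra)
    via_global = reveal_password(hidden, secret_global(PIX), ra)
    via_socket = reveal_password(hidden, secret_per_socket(ADMIN_PORT, PIX), ra)
    return via_global, via_socket

if __name__ == "__main__":
    print(demo())  # first value is garbage, second is the real password
```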




