freeradius and Cisco VPN IPSEC profiles authentication
Jevos, Peter
Peter.Jevos at oriflame.com
Thu Nov 11 16:49:22 CET 2010
See "man unlang". Put the logic into raddb/sites-available/default,
the "authorize" section.
Uh... read the debug output, and look at the files in the "raddb"
directory. The directory has more than *one* file. This should be a
hint that the "users" file doesn't solve everything.
Alan DeKok.
Hi Alan, thanks. I've read it, but it's too complicated and I'm
missing more examples of configurations.
Could anybody help me with the syntax and code location for this issue:
If requests come from NAS-IP-Address==1.1.1.1 and the
%{mschap:NT-Domain}=vipdomainuser, check them against module
ntlm_auth_vip (module is already working) and if they pass, give them
Cisco-Avpair += "ipsec:addr-pool=vip_vpn_pool" and other optional
AVpairs.
If requests come from NAS-IP-Address==1.1.1.1 and the
%{mschap:NT-Domain}=guestdomainuser, check them against module
ntlm_auth_guests and if they pass, give them Cisco-Avpair +=
"ipsec:addr-pool=guest_vpn_pool" and other optional AVpairs.
The other point is that no one can get the AV pair
"ipsec:addr-pool=vip_vpn_pool" if the %{mschap:NT-Domain} is not
vipdomainuser.
Thanks a lot for any hint
pet
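
One way to write the policy asked for above in unlang, as an added example that is not part of the original thread or the FreeRADIUS project's own configuration. It assumes FreeRADIUS 2.x, that `ntlm_auth_vip` and `ntlm_auth_guests` are module instances that can be listed in `authenticate`, and that User-Name arrives in a form from which `%{mschap:NT-Domain}` can extract the domain; the closing `reject` branch is an added fail-closed assumption, not something the post requested.

```unlang
# raddb/sites-available/default  (added example, not from the original post)
authorize {
	preprocess
	# ... keep the other modules already listed here ...

	# Only requests from this NAS are subject to the domain policy.
	if (NAS-IP-Address == 1.1.1.1) {
		if ("%{mschap:NT-Domain}" == "vipdomainuser") {
			# Force authentication through the VIP instance only.
			update control {
				Auth-Type := ntlm_auth_vip
			}
			# Reply items set here behave like "users" file reply items.
			update reply {
				Cisco-AVPair += "ipsec:addr-pool=vip_vpn_pool"
			}
		}
		elsif ("%{mschap:NT-Domain}" == "guestdomainuser") {
			update control {
				Auth-Type := ntlm_auth_guests
			}
			update reply {
				Cisco-AVPair += "ipsec:addr-pool=guest_vpn_pool"
			}
		}
		else {
			# Assumption: this NAS serves only the two domains above.
			# Remove this branch to let other domains fall through to
			# the normal authentication path (they get neither pool).
			reject
		}
	}
}

authenticate {
	# A bare module name here registers an Auth-Type of the same name,
	# which is what the "update control" blocks above select.
	ntlm_auth_vip
	ntlm_auth_guests
	# ... keep the existing Auth-Type entries ...
}
```

Because the pool attribute is written only inside the branch that also pins `Auth-Type` to the matching module, a user cannot receive `vip_vpn_pool` without passing `ntlm_auth_vip`. Keep `attr_filter.access_reject` in `Post-Auth-Type REJECT` so a failed login does not carry the pool attribute in its reply.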