How to configure radius based on the isakmp group profile

Jevos, Peter Peter.Jevos at oriflame.com
Wed Jul 27 12:10:29 CEST 2011


Sorry, I made a mistake in the email.
My Cisco sends its IP address and the isakmp-group-id (or profile name) to RADIUS.
Debug from radius -X:

        Cisco-AVPair = "isakmp-group-id=CiscoGroup"
        Acct-Session-Id = "61286"
        User-Name = "domain\\user"
        Cisco-AVPair = "connect-progress=No Progress"
        Acct-Authentic = Local
        Acct-Status-Type = Start
        NAS-Port-Type = Virtual
        NAS-Port = 20
        NAS-IP-Address = 10.1.1.1

How should I configure FreeRADIUS to accept requests for this group (isakmp-group-id=CiscoGroup) only for users that are authenticated against Auth-Type := ntlm_auth_vpn_osw (already used and working)?
However, other groups (or profiles) should be authenticated against Auth-Type := vpn_auth_name.
I tried these settings in the users file, but it doesn't work:

DEFAULT Auth-Type := ntlm_auth_vpn_osw, NAS-IP-Address == 10.1.1.1, Cisco-AVPair == "isakmp-group-id=CiscoGroup"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,

DEFAULT Auth-Type := vpn_auth_name
        Service-Type = Framed-User,
        Framed-Protocol = PPP,

Thanks

pet
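
The selection rule asked about above, modelled as an added Python example; it is not part of the original post and is not FreeRADIUS configuration or code. The function names and the sample request are constructed for illustration, and the sample assumes the NAS also puts isakmp-group-id into the authentication request, which the post does not show.

```python
import re

# Attribute lines in the style of the debug dump: Name = value or Name = "value"
ATTR_RE = re.compile(r'^\s*([\w-]+)\s*=\s*(?:"(.*)"|(\S+))\s*$')

def parse_attrs(dump):
    """Return (name, value) pairs; a list keeps repeated attributes."""
    pairs = []
    for line in dump.splitlines():
        m = ATTR_RE.match(line)
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            pairs.append((m.group(1), value))
    return pairs

def select_auth_type(pairs, nas_ip="10.1.1.1", group="CiscoGroup"):
    """Pick the Auth-Type the post asks for (hypothetical helper)."""
    if any(name == "Acct-Status-Type" for name, _ in pairs):
        return None  # accounting packet: no authentication decision applies
    from_nas = ("NAS-IP-Address", nas_ip) in pairs
    # A request may carry several Cisco-AVPair attributes, so compare every
    # instance, and compare the whole string so "CiscoGroup2" does not match.
    avpairs = [value for name, value in pairs if name == "Cisco-AVPair"]
    in_group = f"isakmp-group-id={group}" in avpairs
    return "ntlm_auth_vpn_osw" if from_nas and in_group else "vpn_auth_name"

# Constructed sample (assumption: the group id is present at authentication
# time). The group pair is deliberately not the first Cisco-AVPair.
ACCESS_REQUEST = r'''
        User-Name = "domain\\user"
        Cisco-AVPair = "connect-progress=No Progress"
        Cisco-AVPair = "isakmp-group-id=CiscoGroup"
        NAS-Port-Type = Virtual
        NAS-IP-Address = 10.1.1.1
'''

# Constructed sample shaped like the dump in the post, which is accounting.
ACCOUNTING_START = r'''
        Cisco-AVPair = "isakmp-group-id=CiscoGroup"
        Acct-Status-Type = Start
        NAS-IP-Address = 10.1.1.1
'''

if __name__ == "__main__":
    print(select_auth_type(parse_attrs(ACCESS_REQUEST)))    # group policy
    print(select_auth_type(parse_attrs(ACCOUNTING_START)))  # no decision
```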