something like huntgroups?
mzagrabe at d.umn.edu
Tue Jul 2 03:30:53 CEST 2013
Our Cisco VPN concentrator is sending some RADIUS attributes in the
request packet and if certain values appear, then I'd like to only
allow a subset of users to login.
I've looked at:
the SQL Huntgroup howto and it seemed close, but the scenario that I
am looking at is slightly different and I am getting mixed up. I am
hoping for some help.
Here is my scenario:
We have a generic VPN profile that we'd like to allow *all* users to
login to - this works well.
When users login to the "secret" profile, then the following VPN
attribute is included in the request:
Vendor-3076-Attr-146 = 0x554d44
The attribute and value are known and constant, thus I can make
decisions on them.
Users who are in the "secret" group should be able to login to *both*
the generic profile (which does not have the Vendor-3076-Attr-146 =
0x554d44 pair) and the "secret" profile, which does have the pair.
If a user is not in the secret group, then their login should fail if
the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
Thanks for any advice or design input!
More information about the Freeradius-Users