Stefan Eck (gmail) wrote:
Well, the new NAS device sends 5 different NAS-Identifier. eg WebAdmin, SSLVPN or HTTP. But only one RADIUS can be configured.
One one RADIUS can be configured... where?
I'm just thinking about that users can be authenticated via RADIUS server1 and admin(webadmins) can be authenticated via RADIUS server2. Or similar like that.
Why?
Currently, I don't have any clue to take advantage of the NAS-Identifier. Where is this attribute configured on the RADIUS. Other devices send the NAS-IP, but this is only relevant for the shared secret or the accouting.
No. The server does NOT use the NAS-IP-Address to look up the shared secret. If you want to apply policies based on attributes, see "man unlang". You can write complex policies using a very simple language. Alan DeKok.