Mark Tunnell wrote:
Nice! That gets me almost all the way there. I'm able to authenticate using Auth-Type := Local. Now I just need to figure out how to authenticate that type of user name (user@realm) using Auth-Type := System. Any ideas how to go about that?
Mark Tunnell wrote:
Suppose I have two Cisco routers both configured to authenticate to the same radius server. How do I allow a particular user access to one router but not the other? Is there a place in the clients.conf or users file to configure this?
Oh yea, Alan gave me a trick with the hints file that adds a realm to a client if one is not present that could also help. DEFAULT User-Name !~ ".*@", NAS-IP-Address == "ip of client" User-Name := "%{User-name}@realmtoadd.com" Well, take a look at the docs and there is an explination of the variables you can play with. I don't know what adding an @in the username would do to a linux password file but my guess would be nothing spectacular. Running radiusd -X will give you what the cisco is passing and you can use that to decide what to check attribute to manipulate.
-- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841