Two routers using the same Radius server?
Lewis Bergman
lbergman at wtxs.net
Wed Dec 14 04:18:51 CET 2005
Mark Tunnell wrote:
> Nice! That gets me almost all the way there. I'm able to
> authenticate using Auth-Type := Local. Now I just need to figure out
> how to authenticate that type of user name (user at realm) using
> Auth-Type := System. Any ideas how to go about that?
>>Mark Tunnell wrote:
>>
>>
>>>Suppose I have two Cisco routers both configured to authenticate to
>>>the same radius server. How do I allow a particular user access to
>>>one router but not the other? Is there a place in the clients.conf or
>>>users file to configure this?
>>>
>>
>>Oh yea, Alan gave me a trick with the hints file that adds a realm to a
>>client if one is not present that could also help.
>>DEFAULT User-Name !~ ".*@", NAS-IP-Address == "ip of client"
>> User-Name := "%{User-name}@realmtoadd.com"
Well, take a look at the docs and there is an explanation of the
variables you can play with. I don't know what adding an @ in the
username would do to a Linux password file but my guess would be nothing
spectacular. Running radiusd -X will give you what the Cisco is passing
and you can use that to decide which check attribute to manipulate.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841