Freeradius and Netscreen VPN Authentication

[freeradius]

Has anyone had any success with integrating Netscreen Group authentication with
FreeRadius?  I'm able to authenticate the individual user account, but the minute I try
to put the users in the various groups, the authentication fails with a "...belongs to a
different group in the RADIUS server than one allowed in the device" error.


---------- Original Message -----------
From: "freeradius" <freeradius at gardrail.com>
To: freeradius-users at lists.freeradius.org
Sent: Fri, 25 Nov 2005 08:27:09 -0500
Subject: Freeradius and Netscreen VPN Authentication

> Greetings,
> 
> I've been attempting to get freeradius-1.0.2-2 on Fedora core 4 to send the correct
> authentication information to my Netscreen VPN device.  my test user 
> information within the /etc/raddb/users file consists of:
> 
> freeradius       Auth-Type := Accept, Password=abcd1234, Ns-User-Group == Some_Secure_grp
> 
> ---------
> 
> When I remove the user-group "Some_Secure_grp" from the following Netscreen
> configuration line, I'm able to connect if I remove "Ns-User-Group == Some_Secure_grp"
> from the configuration line from raddb's users file.
> 
> set ike gateway "GATEWAY-SOME_SECURE_GRP" xauth server "FreeRadius" user-group
> "Some_Secure_grp"
> 
> ---------
> 
> If I attempt to utilize group authentication, I recieve the following 
> information in my event log on the Netscreen device:
> 
> 2005-11-23 14:31:56 system notif 00767 User freeradius belongs to a different
>                                       group in the RADIUS server than one
>                                       allowed in the device
> 
> ---------
> 
> If anyone has any ideas, I’d greatly appreciate it.  Juniper doesn't really 
> have many people on their staff that has in depth experience with freeradius. 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------- End of Original Message -------