group definitions in users file
ho
nospam at berwicke.de
Tue Apr 11 21:56:57 CEST 2006
Hi folks,
my environment:
I do AAA with freeradius as a radius-proxy in combination with ms-ias (only
for the passwords ;-) )for cisco asa 5540-box, which is similar to a cisco
pix firewall.
in the future we have many, many entries for users with the same
Cisco-AVPairs
USER1 Proxy-To-Realm := IAS
Service-Type = Framed-User,
Framed-Protocoll = PPP,
Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq domain",
Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq domain",
Cisco-AVPair += "ip:inacl# = permit tcp any host A.B.C.D eq 264",
Cisco-AVPair += "ip:inacl# = permit tcp any host A.B.C.D eq 443",
Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq isakmp",
Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq 2746",
Cisco-AVPair += "ip:inacl# = permit esp any host A.B.C.D",
Cisco-AVPair += "ip:inacl# = deny tcp any any",
Cisco-AVPair += "ip:inacl# = deny udp any any",
Fall-Through = 0
Is it possible to group the User entries and than give them the special
profile with the AVPairs?
If not, what could be another good workaround for this problem?
thanks
marco
More information about the Freeradius-Users
mailing list