huntgroup issue, multiple huntgroups per device
Charles Tompkins
crt at thig.com
Wed Nov 15 19:02:28 CET 2006
Thanks Neal! That works like a champ.
Funny note: The attribute I chose to discriminate with isn't present in the
accounting requests, so I had to give vpn user huntgroup a 2nd entry and
attribute so accounting would work properly.
I appreciate the help.
Regards,
-Charles
-----Original Message-----
From: freeradius-users-bounces+crt=thig.com at lists.freeradius.org
[mailto:freeradius-users-bounces+crt=thig.com at lists.freeradius.org] On
Behalf Of Garber, Neal
Sent: Tuesday, November 14, 2006 3:51 PM
To: FreeRadius users mailing list
Subject: RE: huntgroup issue, multiple huntgroups per device
>Is it possible to have multiple huntgroups for the same NAS-IP-ADDRESS?
>I am running into this issue trying to configure a vpn appliance that uses
>the same freeRADIUS server to authenticate its users as well as its admins.
Yes, but something needs to distinguish the two (another attribute).
Are you saying that your appliance is using radius to authenticate VPN
users as well as to authenticate admins. that are using telnet/ssh/http
to administratively manage the appliance? If so, check the request
attributes for each type of access. Then, you can add the attribute
that lets you tell what access type the user is requesting.
For instance, I have an AP that uses FR to authenticate 802.11 users as
well as for local logons to the AP itself. In my case, the
NAS-Port-Type allows me to discern the difference between the two types
of access. For 802.11 user access, the AP sends NAS-Port-Type =
"Wireless-802.11" and for local logon, the AP sends NAS-Port-Type =
"Async" or "Virtual". Figure out what's different in the request and
then you can have multiple NAS-IP-Address == 10.20.30.1 entries with
different values in the other attribute. For example:
vpn        NAS-IP-Address == 10.20.30.1, NAS-Port-Type == "XXX"
           Group = VPNUSERS
vpn-admin  NAS-IP-Address == 10.20.30.1, NAS-Port-Type == "YYY"
           User-Name = admin1,
           User-Name = admin2
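Added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of huntgroups first-line matching (`==` only) showing why an accounting packet that lacks the discriminating attribute matches no huntgroup, and how a second entry for the same huntgroup catches it. "XXX"/"YYY" are the placeholders from the message above; the `Service-Type` entry and all sample requests are constructed assumptions.

```python
# Simplified model of huntgroups matching; not FreeRADIUS source code.
# Only "==" check items on an entry's first line are modelled.

NAS = "10.20.30.1"

# Entries as in the message; "XXX"/"YYY" are its placeholders.
BEFORE = [
    ("vpn",       {"NAS-IP-Address": NAS, "NAS-Port-Type": "XXX"}),
    ("vpn-admin", {"NAS-IP-Address": NAS, "NAS-Port-Type": "YYY"}),
]
# Assumed fix: a second "vpn" entry keyed on an attribute the accounting
# packets do carry. Service-Type == Framed-User is a constructed choice.
AFTER = BEFORE + [("vpn", {"NAS-IP-Address": NAS, "Service-Type": "Framed-User"})]

# Constructed sample requests (attribute names are standard RADIUS ones).
REQUESTS = {
    "vpn login":   {"NAS-IP-Address": NAS, "NAS-Port-Type": "XXX",
                    "Service-Type": "Framed-User", "User-Name": "alice"},
    "admin login": {"NAS-IP-Address": NAS, "NAS-Port-Type": "YYY",
                    "Service-Type": "Administrative-User", "User-Name": "admin1"},
    # Accounting packet without the discriminating NAS-Port-Type.
    "accounting":  {"NAS-IP-Address": NAS, "Acct-Status-Type": "Start",
                    "Service-Type": "Framed-User", "User-Name": "alice"},
}


def entry_matches(checks, request):
    """True when every check item equals the request's value for it."""
    return all(request.get(attr) == value for attr, value in checks.items())


def first_match(entries, request):
    """Name of the first entry whose check items all match, else None."""
    return next((n for n, c in entries if entry_matches(c, request)), None)


def names_matched(entries, request):
    """All huntgroup names with a matching entry; more than one means the
    added entry is loose enough to overlap another group."""
    return {n for n, c in entries if entry_matches(c, request)}


def audit(entries):
    """Map each sample request label to the huntgroup it lands in."""
    return {label: first_match(entries, req) for label, req in REQUESTS.items()}


if __name__ == "__main__":
    for title, entries in (("before", BEFORE), ("after", AFTER)):
        print(title, audit(entries))
```

Running `names_matched` over captured admin requests is a quick check that the looser accounting entry does not also place administrative logins in the user huntgroup.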