VPN and Group Policy
Berndt Sevcik
berndt.sevcik at tgm.ac.at
Wed Feb 21 14:03:12 CET 2007
We are using a Cisco ASA Firewall for VPN access (lika a VPN3000).
The RADIUS server should authenticate our users and assign them a
group policy. Somewhere I read that I have to send the CLASS
attribute in the RADIUS reply to assign the grou policy to a user.
When I look at the debug output from the firewall I can see that the
attribut is sent to the firewall. Also the access accept packet is
received by the firewall.
Radius: Code = 2 (0x02)
Radius: Identifier = 17 (0x11)
Radius: Length = 88 (0x0058)
Radius: Vector: 2B9061A9AA15E08DA2F1FACCFFD012F7
Radius: Type = 25 (0x19) Class
Radius: Length = 16 (0x10)
Radius: Value (String) =
4f 55 3d 49 54 2d 53 65 72 76 69 63 65 3b | OU=IT-Service;
,,,,,
rad_procpkt: ACCEPT
RADIUS_ACCESS_ACCEPT: normal termination RADIUS_DELETE
remove_req 0xf6d9874 session 0x208 id 17 free_rip 0xf6d9874
radius: send queue empty
Is there an other attribut so send back? Something special to know
about freeRADIUS config? Has someone a working config ore some tipps
for me?
Thanks in advance.
Berndt
-----------------------------------------
TGM - Die Schule der Technik
IT-Service
A-1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316 Fax: +43(1)33126/154
E-Mail: berndt.sevcik at tgm.ac.at
-----------------------------------------
More information about the Freeradius-Users
mailing list