Howto Authenticate Undefined Users

Matthias Cramer matthias.cramer at iway.ch
Wed Sep 9 17:10:46 CEST 2009


Ivan Kalik wrote:
>> That sounds nice. But he still needs some attributes and the NAS has to
>> think that he is authenticated...
> 
> Then you should have a NAS with fascility to place unauthenticated users
> into a guest VLAN. And you don't need a captive portal.

I explain a little bit more what I like to do ...

I have a Cisco LNS which terminates L2TP Tunnels.
This cisco makes the Radius request to my freeradius.
Normal Users get authenticated normaly, get Static or dynamic ip's and so on.
User not in the sql database should get assigned a vrf group and a ip pool for assigning ip's
(I know how to do that with Cisco-AVPairs).

This vrf has a default route to a linux box doing some magic stuff with iptables and apache (not done jet).

Hope that clears up some things.

Regards

  Matthias

-- 
Matthias Cramer / mc322-ripe   Senior Network & Security Engineer
iWay AG	                       Phone +41 43 500 1111
Josefstrasse 225               Fax   +41 44 271 3535
CH-8005 Zürich                 http://www.iway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250





More information about the Freeradius-Users mailing list