Have a client with multiple secrets?

[Alexander Clouter]

Hi,

freeradius at corwyn.net wrote:
> 
> I have a firewall that i connect to over SSH to manage. It has a 
> client entry with a secret in clients.conf, it's got a huntgroup 
> entry, and the huntgroup has entries in the users file, and 
> everything is working fine (I think I've got the order right there).
> 
> The frewall also serves as teh VPN server, authenticating users 
> through radius. But I'd like the VPN users to use a different secret 
> and, more importantly, a different huntgroup (since the user group 
> for authentication is different between those two groups).  Is that possible?
> 
If you run FreeRADIUS in debugging mode (-X) you should see a difference 
in the type of incoming requests; typically things like NAS-Port-Type
will change or Service-Type.  Then using either unlang, hints or 
huntgroups you will be able to differentiate between them by testing for 
the presence of these attributes/values or the lack of them.

If the requests are identical, bin the product and tell the venduh why 
(unless they have a fix).  Your only workaround is hope that you can 
send the different requests to different IP's and/or ports and get 
FreeRADIUS to use that as the differentiator.

Cheers

-- 
Alexander Clouter
.sigmonster says: Postmen never die, they just lose their zip.