freeradius and Cisco VPN IPSEC profiles authentication
Jevos, Peter
Peter.Jevos at oriflame.com
Thu Nov 4 17:15:36 CET 2010
On 04/11/10 15:52, Jevos, Peter wrote:
>>
>
> Dear Phil , thank you ,
> I removed Fall through parameter, it works partially, when user
comes
> from the address 10.1.1.252 and Tunnel-Private-Group-ID is not Group1,
> it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
> Auth-Type := vpn_auth_name.
> Therefore there must be two conditions, one is NAS-IP-Address, second
is
> PVT-Group
So, match both fields.
Have you read the docs - specifically "man users"
You want something like:
DEFAULT Auth-Type := x, Service-Type == a, Tunnel-Private-Group-Id == b
Reply-Var-1 = ...
Note: ALL the conditions must be on the 1st line
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Thank fo your reply, hoever as you can see from my previous posts, I did
it:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address ==
10.1.1.252,Tunnel-Private-Group-ID == "Group1"
Tunnel-Type = "ESP",
Tunnel-Private-Group-ID = "Group1",
....
So in the first line is:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address ==
10.1.1.252,Tunnel-Private-Group-ID == "Group1"
More information about the Freeradius-Users
mailing list