freeradius and Cisco VPN IPSEC profiles authentication
Alan DeKok
aland at deployingradius.com
Fri Nov 12 11:38:52 CET 2010
Jevos, Peter wrote:
> Hi Alan, thanks, I’ve read it but it’s too complicated and I’m
> missing more examples of configurations
The raddb directory *does* come with examples.
> If anybody can help me with the syntax and code location with this issue:
Sorry, but:
1) the "unlang" documentation contains a detailed description of the
syntax
2) my previous message gave the *specific* location of where the logic
should go.
*PLEASE* read the existing documentation and messages on this list.
Failure to do so is a major reason for not solving issues.
> If requests come from NAS-IP-Address==1.1.1.1 and the
> %{mschap:NT-Domain}=vipdomainuser , check them against module
> ntlm_auth_vip (module is already working) and if they pass, give them
> Cisco-Avpair += "ipsec:addr-pool=vip_vpn_pool" and other optional AVpairs.
The "unlang" syntax is pretty much exactly that. It's not that hard.
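	# Match requests from this NAS where the MS-CHAP domain is "vipdomainuser"
	if ((NAS-IP-Address == 1.1.1.1) && ("%{mschap:NT-Domain}" == "vipdomainuser")) {
		# Authenticate these users with the ntlm_auth_vip module
		update control {
			Auth-Type := ntlm_auth_vip
		}
		# Hand back the VPN address pool to the Cisco device
		update reply {
			Cisco-AVPair += "ipsec:addr-pool=vip_vpn_pool"
		}
	}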
Alan DeKok.