freeradius and Cisco VPN IPSEC profiles authentication
Jevos, Peter
Peter.Jevos at oriflame.com
Fri Nov 12 18:17:20 CET 2010
As a hint, if you don't implement a rule for a different NT-Domain,
then the rules for that different NT-Domain won't be applied. Because
they don't exist.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you Alan , it makes sense. But it doesn't solve my problem
In my cisco configuration there is a group:
crypto isakmp client configuration group vipgroup
key xxxx
dns 1.1.11.10 1.1.11.11
wins 1.1.11.12 1.1.11.13
pool vpn-vipgroup
How could i ensure that this group with this parameters will be accesible only for the users from the domain vipdomainusers ( e.g. ntlm_auth_vipusers authentication) ?
The other groups configured on the same router will be accessible for any domain users ( but i cannot name hundreds domains in the freeradius config )
point is that cisco radius doesn't send a group name ( vipgroup ) in the request to the radius server
Ok, i can return CiscoAv pairs (pool, dns... )to the router, but still if any domain user try to connect to the group vipgroup, it recieves the pool and other parameters
thanks, you're great that you can help us
pet
thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101112/d061840c/attachment.html>
More information about the Freeradius-Users
mailing list