freeradius and Cisco VPN IPSEC profiles authentication
Alan DeKok
aland at deployingradius.com
Fri Nov 12 21:31:11 CET 2010
Jevos, Peter wrote:
> Thank you Alan, it makes sense. But it doesn't solve my problem
(1) Edit your responses. It shows consideration for other people.
(2) Pick one problem at a time. Changing "the problem" midway in a
conversation makes it look like you don't care about the solution to the
first problem.
> In my cisco configuration there is a group:
> crypto isakmp client configuration group vipgroup
> key xxxx
> dns 1.1.11.10 1.1.11.11
> wins 1.1.11.12 1.1.11.13
> pool vpn-vipgroup
>
> How could I ensure that this group with these parameters will be
> accessible only for the users from the domain vipdomainusers (e.g.
> ntlm_auth_vipusers authentication)?
Go back and read my messages again. Is there anything in the RADIUS
packet which will distinguish the different groups? If not, you're out
of luck.
> The other groups configured on the same router will be accessible for
> any domain users (but I cannot name hundreds of domains in the freeradius
> config)
>
> The point is that Cisco RADIUS doesn't send a group name (vipgroup) in the
> request to the RADIUS server
Go ask Cisco to fix their equipment.
Alan DeKok.