Pushing group attribute from OpenDirectory to Cisco
Sander van Loosbroek
sander at vanloosbroek.com
Sun Sep 19 20:46:57 CEST 2010
I have successfully set up Freeradius that comes with Mac OS X Server 10.6 to authenticate WebVPN users on a Cisco IOS router. Now I'm trying to parse the webvpn:user-vpn-group attribute to the Cisco so I can set up different WebVPN policies. I run into 2 problems:
1) There doesn't seem to be a dictionary for Cisco's Webvpn. There are some for the VPN concentrator series but this are not compatible with Cisco's IOS. Does that mean I have to build my own? The attribute value-pairs are listed here: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac3a.html
2) I can't find out how to connect the group name value from OpenDirectory to an attribute. The rlm_opendirectory module does check for a group (to see if it's allowed to use the Radius service) but it's unclear to me how to grab that value and use it as an attribute.
Any thoughts are appreciated.
More information about the Freeradius-Users