Pushing group attribute from OpenDirectory to Cisco
Sander van Loosbroek
sander at vanloosbroek.com
Thu Sep 23 16:03:35 CEST 2010
Hello Peter and Alan,
Thank you for your reply. I've given the documentation of Peter a look but I'm not that familiar with LDAP or how its underpinnings work in OS X Server.
When the Cisco router now authenticates against the FreeRADIUS server all works fine except for the fact that the group name is not returned with the webvpn:vpn-user-group attribute. What is unclear to me is how I instruct FreeRADIUS to include that attribute when it returns the authorization message. I have made the following addition to my clients file:
client 192.168.13.1/32 {
secret = xxx
shortname = vpn
nastype = cisco
}
I have added a policy to the Cisco router to pick up the attribute but it doesn't seem to get through. Can you suggest what to try next?
Thanks,
Sander
More information about the Freeradius-Users
mailing list