How to configure radius based on the isakmp group profile
Jevos, Peter
Peter.Jevos at oriflame.com
Wed Jul 27 09:52:43 CEST 2011
Hi ,
My cisco sends to radius it's ip address, and isakmp-group-id ( or profile name )
Debug from radius -X :
Cisco-AVPair = "isakmp-group-id=CiscoGroup"
Acct-Session-Id = "61286"
User-Name = "domain\\user"
Cisco-AVPair = "connect-progress=No Progress"
Acct-Authentic = Local
Acct-Status-Type = Start
NAS-Port-Type = Virtual
NAS-Port = 20
NAS-IP-Address = 10.1.1.1
How should I configure freeradius to accept request for this group (isakmp-group-id=CiscoGroup ) only for users, that are authenticated against Auth-Type := ntlm_auth_vpn_osw ( already used and working ) ?
However other groups ( or profiles ) should be authenticated against Auth-Type := vpn_auth_name
I tried this settings in the Users file but It doesn't work
DEFAULT Auth-Type := ntlm_auth_vpn_osw, NAS-IP-Address == 10.1.1.1, Cisco-AVPair == " CiscoGroup "
Service-Type = Framed-User,
Framed-Protocol = PPP,
DEFAULT Auth-Type := vpn_auth_name
Service-Type = Framed-User,
Framed-Protocol = PPP,
Thanks
pet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110727/976401aa/attachment.html>
More information about the Freeradius-Users
mailing list