Cisco AV Pair
Dan Fleming
flemingdp at gmail.com
Tue Jul 29 14:27:11 CEST 2014
Reading the documentation I am still at a loss. I am familiar on how to do
this with Cisco ACS, but looking to do it now with free radius. I now have
it working if I check the Cisco-avpair under the user in dalo Radius
(Cisco-avpair =~ .*SSID$) . Is there a way to configure this so i dont have
to keep typing that attribute under every user? I thought the group would
work, but from what you are saying it sounds like it wouldnt. I have tried
saying if it doesnt match the above regex then the Radgroupreply says (
Auth-Typ := Reject)
Thank you for your time.
Dan
On Mon, Jul 28, 2014 at 2:15 PM, Alan DeKok <aland at deployingradius.com>
wrote:
>
> Dan Fleming wrote:
> > Thank you I have read through it makes sense. So how do I do something
> > based on the results?
>
> The SQL document talks about "radreply", which lets you do something
> with the results.
>
> > I would like to only authorize a connection if the
> > users password matches and they are connecting to the correct ssid in
> > the av-pair. Is there a HOWTO or other document outlining how to do
that?
>
> No. Because that's a specific solution. The documents describe how
> the server works, and lets you put it together yourself.
>
> For your situation, the key is to understand that the server accepts
> users if their password is correct. If you add more conditional checks,
> the user is still accepted.
>
> The solution is either to:
>
> a) set the "known good" password ONLY if the conditions also match. The
> SQL documentation describes how to set conditions
>
> b) if the password is stored somewhere else (e.g. LDAP), then you need
> to REJECT the user if the conditions match.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140729/8e87ec3a/attachment.html>
More information about the Freeradius-Users
mailing list