(RADIATOR) Cisco VPN Concentrator
Hugh Irvine
hugh at open.com.au
Thu Apr 29 17:27:38 CDT 2004
Hello Bret -
How are your groups defined?
The easiset way to do what you describe is simply have a series of
AuthBy clauses, one per group, with either an AddToReply or an AuthBy
DYNADDRESS (inside an AuthBy GROUP).
Something like this:
AuthByPolicy ContinueUntilAccept
<AuthBy ...>
# check group1
.....
AddToReply Framed-Pool = group1
</AuthBy>
<AuthBy ...>
# check group2
.....
AddToReply Framed-Pool = group2
</AuthBy>
<AuthBy ...>
# check group3
.....
AddToReply Framed-Pool = group3
</AuthBy>
.....
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
<AuthBy ...>
# check groupwhatever
.....
</AuthBy>
<AuthBy DYNADDRESS>
.....
</AuthBy>
</AuthBy>
Otherwise I suppose you could return the group name when checking the
user and use it to define your pools on the Cisco.
Hope that helps.
regards
Hugh
On 30 Apr 2004, at 02:42, Bret Jordan wrote:
> For me a picture is worth a million words... If I could just see an
> example of how you do multiple groups and hand back IP addresses for
> certain users and other use DHCP or an IP pool I believe I can figure
> the rest out.
>
> Thanks.
>
> Bret
>
> Hugh Irvine wrote:
>
>>
>> Hello Bret -
>>
>> We have many customers using Radiator with Cisco VPN concentrators.
>>
>> There isn't really anything special about the users file.
>>
>> I have done a couple of Cisco VPN projects myself so I am happy to
>> answer your questions.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 29 Apr 2004, at 09:07, Bret Jordan wrote:
>>
>>> Is anyone out there using Radiator with a Cisco VPN Concentrator
>>> (specifically a 3020)? If so I would like to ask you some
>>> questions and possibly see an example of users/group file.
>>>
>>> Thanks
>>> Bret
>>>
>>> --
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> Bret Jordan Dean's Office
>>> Director of Networking College of Engineering
>>> 801.585.3765 University of Utah
>>> jordan at coe.utah.edu
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Bret Jordan Dean's Office
> Director of Networking College of Engineering
> 801.585.3765 University of Utah
> jordan at coe.utah.edu
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list