(RADIATOR) Cisco VPN 3030 and multiple handlers?

Jeff Wolfe wolfe at ems.psu.edu
Thu May 13 13:52:27 CDT 2004


Hi folks.. 

I have a Cisco VPN3xxx box that I'm trying to integrate with my new
Radiator installation.. 

I have 2 interfaces in use on the 3030, one is our local
VPN-over-Wireless service and the other is a more traditional remote
access VPN. Ideally, I would like to add an authorization step before
the authentication step on the remote access side, so that I can
restrict access to a subset of the total # of users in the Kerberos
realm.
 
Here's a snip from the config:

# Wireless requests come in here
<Handler Client-Identifier=vpn, Called-Station-Id=172.16.50.1>
  <AuthBy KRB5>
        KrbRealm dce.psu.edu
  </AuthBy>
  AcctLogFileName %D/vpnw.detail
</Handler>
# Remote access requests come in here
<Handler Client-Identifier=vpn, Called-Station-Id=146.186.x.x>
  <AuthBy KRB5>
        KrbRealm dce.psu.edu
  </AuthBy>
  AcctLogFileName %D/vpnr.detail
</Handler>


This works fine, but I'm not sure how to add the authorization step. I
tried adding an AuthBy File before the AuthBy KRB5, but with that in
place, any user who passed the AuthBy File was immediately granted
access, regardless of their password. 

Is this functionality something I have to add to the Krb5 module?

Thanks!

-JEff


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
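
The behaviour described in the message above matches Radiator's default chaining of multiple AuthBy clauses, where the first clause to accept ends the chain. The fragment below is an added example, not part of the original post or of the Radiator distribution; it uses the Handler-level AuthByPolicy parameter, and the users file name %D/vpnr-allowed is a hypothetical placeholder.

```conf
# Added example (not from the original post).
# Assumption: %D/vpnr-allowed is a hypothetical users file that lists the
# permitted remote-access usernames with no password check item.

# BEFORE: the arrangement described in the post. With no AuthByPolicy the
# Handler uses the default, ContinueWhileIgnore, so the chain stops at the
# first AuthBy that returns ACCEPT or REJECT. AuthBy FILE accepts any listed
# user and AuthBy KRB5 never checks the password.
#
# <Handler Client-Identifier=vpn, Called-Station-Id=146.186.x.x>
#   <AuthBy FILE>
#     Filename %D/vpnr-allowed
#   </AuthBy>
#   <AuthBy KRB5>
#     KrbRealm dce.psu.edu
#   </AuthBy>
#   AcctLogFileName %D/vpnr.detail
# </Handler>

# AFTER: ContinueWhileAccept runs the next AuthBy only while the previous one
# accepted, and the Handler's result is that of the last AuthBy run.
#   - user not in the file      -> FILE rejects, chain stops, Access-Reject
#   - user in file, bad password -> FILE accepts, KRB5 rejects, Access-Reject
#   - user in file, good password -> FILE accepts, KRB5 accepts, Access-Accept
<Handler Client-Identifier=vpn, Called-Station-Id=146.186.x.x>
  AuthByPolicy ContinueWhileAccept
  # Authorization step: is this user allowed on the remote access side?
  <AuthBy FILE>
    Filename %D/vpnr-allowed
  </AuthBy>
  # Authentication step: verify the password against the Kerberos realm.
  <AuthBy KRB5>
    KrbRealm dce.psu.edu
  </AuthBy>
  AcctLogFileName %D/vpnr.detail
</Handler>
```

After a change like this, confirm both negative cases: a listed user with a wrong password and an unlisted user with a correct password should each receive an Access-Reject.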

