[RADIATOR] TACACS authorization without authentication
Hugh Irvine
hugh at open.com.au
Fri Apr 16 16:39:14 CDT 2010
Hello Vangelis -
There is an example in the "users" file included in the Radiator distribution.
Here it is:
# This example shows how to configure a Cisco VPDN circuit:
open.com.au User-Password=cisco, Service-Type=Outbound-User
cisco-avpair = "vpdn:tunnel-id=cca-gw",
cisco-avpair = "vpdn:ip-addresses=1.2.3.4",
cisco-avpair = "vpdn:nas-password=pw",
cisco-avpair = "vpdn:gw-password=pw"
Note that this is returned from the RADIUS request processing that is issued by ServerTACACSPLUS.
regards
Hugh
On 16 Apr 2010, at 22:44, Vangelis Kyriakakis wrote:
> Hello,
>
> How can I configure ServerTACACSPLUS to do per domain authorizations
> without authenticating the users first?
> I would like to be able to use the following tacacs configuration:
>
> user = domain.gr {
> service = ppp protocol = vpdn {
> tunnel-type = l2tp
> tunnel-id = F_DOMAIN
> vpdn-group = F_DOMAIN
> l2tp-tunnel-authen=no
> ip-addresses = "xxx.xxx.xxx.xxx"
> }
> }
>
> Regards
> Vangelis Kyriakakis
> FORTHnet S.A.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list