Hi folks,

Currently I have a Cisco BAS terminating broadband customers. Most of our customers would have their PPP connection terminate on the BAS, but I would like to forward customers who specify a specific realm onto another BAS for another ISP. My customers are authenticated using CHAP off an LDAP server.
I'm trying to configure FreeRADIUS to supply the correct attributes for tunnels. I currently have the following config in users:

    DEFAULT REALM == "realm", Auth-Type := Accept
            Service-Type = Outbound-User,
            Tunnel-Type:1 = L2TP,
            Tunnel-Medium-Type:1 = IP,
            Tunnel-Client-Auth-Id:1 = "DSLIP",
            Tunnel-Server-Endpoint:1 = "xxx.xxx.xxx.xxx",
            Tunnel-Password:1 = "bookmark",
            Fall-Through = No

If I query [EMAIL PROTECTED], I get the correct attributes back. However, if I query [EMAIL PROTECTED], where user2 has an LDAP entry, I get the following back:

    [EMAIL PROTECTED] doc]$ radtest [EMAIL PROTECTED] randomstring xxx.xxx.xxx.xxx 0 key
    Sending Access-Request of id 104 to xxx.xxx.xxx.xxx:1812
            User-Name = "[EMAIL PROTECTED]"
            User-Password = "garbage"
            NAS-IP-Address = xxx.xxx.xxx.xxx
            NAS-Port = 0
    rad_recv: Access-Accept packet from host xxx.xxx.xxx.xxx:1812, id=104, length=101
            Tunnel-Type:1 = L2TP
            Tunnel-Medium-Type:1 = IP
            Tunnel-Client-Auth-Id:1 = "DSLIP"
            Tunnel-Server-Endpoint:1 = "xxx.xxx.xxx.xxx"
            Tunnel-Password:1 = "bookmark"
            Framed-IP-Netmask = 255.255.255.255
            Framed-IP-Address = xxx.xxx.xxx.xxx
            Framed-Protocol = PPP
            Service-Type = Framed-User

I'm pretty certain the Cisco will not do what I want it to with the Framed-User attribute.

In any case, my question - how do I ensure it's just tunnel property configs that are returned for this realm even if the username exists in the NULL realm? Am I looking at Autz-Type, or something else?

Thanks,
Thomas Bridge