"Michael Markstaller" <[EMAIL PROTECTED]> wrote: > Anyway, I've also RSA ACE SecurID users in my ACS which I need to send > to the ACE-server (speaking RADIUS) for authentication; this also works > fine with a realm (@ace) for testing but my problem is, that this means > telling several hundred users to append @ace to their username.
Or, create a radius-specific "group" file (see "man rlm_passwd"), and put those users in that group. You'll have to create a new attribute for the group name, see raddb/dictionary. ATTRIBUTE Local-Group 3000 string Then, in the "users" file, do: #--- DEFAULT Local-Group == "ace", Proxy-To-Realm := "ace" #--- And set up the "ace" realm. > - I remember to have read from Alan that Proxy-To-Realm is not > recommended somehow No, using it is fine. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html