Okay, so I am a newbie with just enough knowledge to know this should work, and have spent a few hours reading all the different cool things RADIUS does for me. However, I can't get it to do what we need, and I am sure it's lack of experience. I have read the various FAQs and help files, but I must still be missing something.

1. Problem: We are using RADIUS to authenticate logins to routers. Not for PPP, dialup, etc., but for command line authentication for network engineers or admins. We are using more than one vendor, which means the attributes sent back to the NAS device are different.

2. What works so far: I have been able to create a basic users file and authenticate logins for my different vendor equipment. Logins work flawlessly, but using "freeradius -X" I notice the server is sending all attributes, even if they aren't for that vendor. This was expected, based on how I set the thing up:

    USER  Auth-Type = System
          Juniper-Local-User-Name = READ_ONLY,
          Riverstone-User-Level = 15

3. What I did differently to keep that from happening: I created a huntgroup called BB that had a list of IPs for all the Junipers. So when I logged in to one of those devices, the first entry in the users file was used. If I logged into a device not in the huntgroup list, the second entry in the users file was used. This works... but it is sloppy, yes? :)

    USER  Huntgroup-Name == BB, Auth-Type = System
          Juniper-Local-User-Name = READ_ONLY

    USER  Auth-Type = System
          Riverstone-User-Level = 15

4. So how am I really supposed to make this work? :) I have been told to use realms, but everything I see makes it look like you have to put @<something> in the username. Is this true? If so, that defeats the purpose of one username.

PS - My first attempt to send this got blocked due to me sending it from the wrong email address, sorry for the DUP if the original actually makes it past moderation.

Thanks,
James

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
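
The huntgroup layout described in the post, written out as an added example (not part of the original message and not from the FreeRADIUS project): each vendor gets its own huntgroup and the user has no catch-all entry, so a NAS in neither group is rejected instead of receiving Riverstone-User-Level = 15. The RS huntgroup name, the Reply-Message text and all IP addresses are constructed placeholders.

```text
# --- huntgroups file (addresses are constructed placeholders) ---
# BB is the poster's Juniper group; RS is a hypothetical Riverstone group.
BB    NAS-IP-Address == 192.0.2.1
BB    NAS-IP-Address == 192.0.2.2
RS    NAS-IP-Address == 198.51.100.1

# --- users file (first matching entry wins; no Fall-Through is set) ---
# Juniper devices: only the Juniper attribute is returned.
USER  Huntgroup-Name == "BB", Auth-Type = System
      Juniper-Local-User-Name = READ_ONLY

# Riverstone devices: only the Riverstone attribute is returned.
USER  Huntgroup-Name == "RS", Auth-Type = System
      Riverstone-User-Level = 15

# Any NAS that is in neither huntgroup: refuse the login rather than
# handing an unknown device a privilege attribute.
USER  Auth-Type := Reject
      Reply-Message = "NAS is not in a known huntgroup"
```

Running "freeradius -X" and logging in from a device in each group shows whether the reply carries only that vendor's attribute.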