Mark Tunnell wrote:
Nice!  That gets me almost all the way there.  I'm able to
authenticate using Auth-Type := Local.  Now I just need to figure out
how to authenticate that type of user name ([EMAIL PROTECTED]) using
Auth-Type := System.  Any ideas how to go about that?

Mark Tunnell wrote:


Suppose I have two Cisco routers both configured to authenticate to
the same radius server.  How do I allow a particular user access to
one router but not the other?  Is there a place in the clients.conf or
users file to configure this?


Oh yeah, Alan gave me a trick with the hints file that adds a realm to a
client if one is not present that could also help.
DEFAULT User-Name !~ ".*@", NAS-IP-Address == "ip of client"
       User-Name := "[EMAIL PROTECTED]"
Well, take a look at the docs and there is an explanation of the variables you can play with. I don't know what adding an @ in the username would do to a Linux password file, but my guess would be nothing spectacular. Running radiusd -X will give you what the Cisco is passing, and you can use that to decide what check attribute to manipulate.

--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax  325-695-6841
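
How the hints rule quoted above turns one login name into a per-router identity, as a simplified Python model added here (not code from the thread or from FreeRADIUS). The IP addresses, realm names and user table are constructed, and the NAS-IP-Address check in `authorize()` is an added assumption covering names that already contain an @, which the rule leaves unchanged.

```python
import re

# Constructed sample values (not from the thread): two routers and the
# realm the hints rule appends for each one.
NAS_REALM = {"192.0.2.1": "router1", "192.0.2.2": "router2"}

# Simplified stand-in for the users file: rewritten name -> NAS it is valid on.
USERS = {
    "alice@router1": "192.0.2.1",   # alice may log in on router1 only
    "bob@router1": "192.0.2.1",     # bob may log in on both routers
    "bob@router2": "192.0.2.2",
}


def apply_hints(request):
    """Model of the hints entry:
    DEFAULT User-Name !~ ".*@", NAS-IP-Address == "<client ip>"
            User-Name := "<name>@<realm>"
    """
    name, nas = request["User-Name"], request["NAS-IP-Address"]
    rewritten = dict(request)
    # !~ ".*@": only names that do not already carry a realm are rewritten
    if not re.search(r".*@", name) and nas in NAS_REALM:
        rewritten["User-Name"] = f"{name}@{NAS_REALM[nas]}"
    return rewritten


def authorize(request, pin_nas=True):
    """Return True if the (rewritten) user may log in on the requesting NAS."""
    req = apply_hints(request)
    allowed_nas = USERS.get(req["User-Name"])
    if allowed_nas is None:
        return False
    # A realm typed by the user skips the rewrite, so the realm alone does
    # not prove which router the request came from; compare the NAS too.
    if pin_nas and allowed_nas != req["NAS-IP-Address"]:
        return False
    return True
```
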