On Wed, 31 Dec 2008, t...@kalik.net wrote:
Post the debug of the request. Is that profile appearing in some request attribute?
I made a little progress since my last email. I discovered how to return a group name in the Reply-Message attribute, and then parse that on my appliance. I'm wondering, though, if I have users with multiple group memberships, should I create a string of group names such as "group1,group2, group3" for each user, and return that as the Reply-Message? Is that a sensible way to do it, or is there a better way?
-Mike
On 31/12/2008, "Mike Diggins" <mike.digg...@mcmaster.ca> wrote:

I have authentication working from my Cisco ASA550 VPN appliance to a FreeRADIUS 2.1.1 server, using NTLM_AUTH for backend authentication. That all works. Now I need to add authorization into the mix.

1. On the RADIUS server, I want to add a group X with a list of authorized usernames.
2. On the VPN side, the user selects a profile and logs in, but I only want members of group X to be able to connect to that profile, even if the authentication is correct.

I have no idea how to make the connection between the group profile I select on the VPN side and the group X on the RADIUS side. I'm not even sure how (or where) to create such a group with FreeRADIUS. Can anyone point me in the right direction?

-Mike