On Wed, 31 Dec 2008, t...@kalik.net wrote:
Post the debug of the request. Is that profile appearing in some request
attribute?
I made a little progress since my last email. I discovered how to return a
group name in the Reply-Message attribute, and then parse that on my
appliance. I'm wondering though, if I have users with multiple group
membership, should I create a string of group names such as
"group1,group2, group3" for each user, and return that as the
Reply-Message? Is that a sensible way to do it, or is there a better way?
-Mike
Dana 31/12/2008, "Mike Diggins" <mike.digg...@mcmaster.ca> pi?e:
I have authentication working from my cisco ASA550 VPN appliance to a
FreeRadius 2.1.1 server, using NTLM_AUTH for backend authentication. That
all works. Now I need to add authorization into the mix.
1. On the Radius server, I want to add a group X with a list of
authorized usernames.
2. On the VPN side, the user selects a profile, and logs in, but I
only want members of group X to be able to connect to that
profile, even if the authentication is correct.
I have no idea how to make the connection between the group profile I
select on the VPN side, with the group X on the radius side. I'm not even
sure how (or where) to create such a group with freeRadius. Can anyone
point me in the right direction?
-Mike
-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
