On 04/11/10 15:25, Jevos, Peter wrote:

On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = "ESP",
Tunnel-Private-Group-ID = "Group1",
Tunnel-Password = "cisco",
Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7",
Cisco-Avpair="ipsec:addr-pool=vpn_pool",

This is wrong; you want:

Cisco-AVpair += "2nd:attribute"

This is documented in the manpage and docs.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

Thank you, it helped but it still doesn't work as I wished:

All I need is:
  When request comes from 10.1.1.252 and Tunnel-Private-Group-ID =
"Group1", use authentication ntlm_auth_vpn, and send back Cisco-av pairs
(ipsec values)
  When request comes from whencesoever and Tunnel-Private-Group-ID is
whatever, use authentication vpn_auth_name, and that's it

My current settings are:

DEFAULT         Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252, Tunnel-Private-Group-ID == "Group1"
                 Tunnel-Type = "ESP",
                 Tunnel-Private-Group-ID = "Group1",
                 Tunnel-Password = "cisco",
                 Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7",
                 Cisco-Avpair="ipsec:addr-pool=vpn_pool",
                 Cisco-Avpair="ipsec:inacl=101",
                 Cisco-Avpair="ipsec:key-exchange=ike",
                 Cisco-Avpair="ipsec:key-exchange=preshared-key",
                 Service-Type = Framed-User,
                 Framed-Protocol = PPP,
                    Fall-Through = Yes  

You've set Fall-Through here - so your Auth-Type will be overwritten by the 2nd entry:



DEFAULT        Auth-Type := vpn_auth_name,
                Service-Type = Framed-User,
                Framed-Protocol = PPP,


Remove the Fall-Through
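The two corrections from the replies above applied to the posted entries, as an added example that is not part of the original thread. Attribute values are copied from the post; the layout and comments are assumptions about how the final `users` file would look.

```conf
# FreeRADIUS "users" file: entries are evaluated top to bottom.
# Without Fall-Through, processing stops at the first matching entry.

# Entry 1: the check items (first line) must all sit on one line.
# Only requests from NAS 10.1.1.252 carrying Tunnel-Private-Group-ID
# "Group1" match, and they get Auth-Type ntlm_auth_vpn.
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252, Tunnel-Private-Group-ID == "Group1"
        Tunnel-Type = "ESP",
        Tunnel-Private-Group-ID = "Group1",
        Tunnel-Password = "cisco",
        # First instance uses "=", every further instance uses "+=",
        # otherwise only one Cisco-AVpair ends up in the reply.
        Cisco-AVpair = "ipsec:dns-servers=10.1.1.6 10.1.1.7",
        Cisco-AVpair += "ipsec:addr-pool=vpn_pool",
        Cisco-AVpair += "ipsec:inacl=101",
        Cisco-AVpair += "ipsec:key-exchange=ike",
        Cisco-AVpair += "ipsec:key-exchange=preshared-key",
        Service-Type = Framed-User,
        Framed-Protocol = PPP
# No "Fall-Through = Yes" here: with it, the catch-all entry below would
# also be processed and its ":=" would overwrite Auth-Type with
# vpn_auth_name, so the Group1 VPN users would not be authenticated
# by ntlm_auth_vpn.

# Entry 2: catch-all for every request that did not match entry 1.
DEFAULT Auth-Type := vpn_auth_name
        Service-Type = Framed-User,
        Framed-Protocol = PPP
```

Running the server in debug mode (`radiusd -X`) shows which `users` entry matched each request, which confirms that the intended Auth-Type is the one in effect.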
