>I have a variety of Cisco devices that require mutually incompatible values in
>a certain RADIUS attribute, Cisco-AVPair. The way I have dealt with this in
>the past is with huntgroups -- I assign our engineer group on huntgroup1 to
>have Cisco-AVPair set to shell:roles=network-admin, while by default, the
>engineer group gets shell:priv-lvl=15. So far, so good. Problem is that we
>have another new kind of Cisco device that achieves engineer read-write with
>Cisco-AVPair set to shell:roles*admin. I figured that I would just set up
>another huntgroup, but this device apparently also doesn't set NAS-IP-Address
>or NAS-Identifier, so the usual huntgroup mechanism doesn't work.
>My production environment currently uses Cistron. But I'm planning to switch
>to freeradius. Unfortunately, it looks to me like the same issue applies to
>freeradius.
>
>Help? Is there any way to make a distinction between devices in the config
>without using huntgroups based on NAS-IP-Address or NAS-Identifier?
>
>Thanks!
>
>[I sent a very similar message to the cistron mailing list, BTW. I'm looking
>for a solution for either program.]
>
>- Morty

Hi Morty,

I'm using a similar configuration with huntgroups for Nexus and IOS. What devices are you having problems with? Till now, all devices we use send the NAS-IP-Address. Perhaps we have the same device running, or will be getting the same problem in the future.

If there is really a problem on the device, a case at Cisco from two customers will surely help to speed up the work. ;-)

Jan