Greetings! Our Cisco VPN concentrator is sending some RADIUS attributes in the request packet and if certain values appear, then I'd like to only allow a subset of users to login.
I've looked at: http://wiki.freeradius.org/SQL-Huntgroup-HOWTO/dbeef165862fe9ba7ef6f7d011889d1f7212cf9b the SQL Huntgroup howto and it seemed close, but the scenario that I am looking at is slightly different and I am getting mixed up. I am hoping for some help.

Here is my scenario:

We have a generic VPN profile that we'd like to allow *all* users to login to - this works well.

When users login to the "secret" profile, then the following VPN attribute is included in the request:

Vendor-3076-Attr-146 = 0x554d44

The attribute and value are known and constant, thus I can make decisions on them.

Users who are in the "secret" group should be able to login to *both* the generic profile (which does not have the Vendor-3076-Attr-146 = 0x554d44 pair) and the "secret" profile, which does have the pair.

If a user is not in the secret group, then their login should fail if the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.

Thanks for any advice or design input!

Cheers,
-mz
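The decision described in this post, modelled outside FreeRADIUS as an added example (not part of the original message and not FreeRADIUS configuration): it pulls the Vendor-Specific attribute (RADIUS type 26) out of an Access-Request and rejects the login only when vendor 3076 attribute 146 carries 0x554d44 and the user is not in the group. The function names, the group name "secret" as a string, and the sample packets are constructed assumptions; malformed packets are rejected rather than treated as the generic profile.

```python
import struct

VENDOR_ID = 3076                        # vendor number from the post
PROFILE_ATTR = 146                      # vendor attribute number from the post
SECRET_VALUE = bytes.fromhex("554d44")  # value from the post

def vendor_attrs(packet: bytes):
    """Yield (vendor_id, vendor_type, value) for every sub-attribute of each VSA."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("RADIUS length field does not match the packet")
    pos = 20                            # attributes start after the header
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        body = packet[pos + 2:pos + alen]
        pos += alen
        if atype != 26 or len(body) < 6:   # 26 = Vendor-Specific
            continue
        vendor = struct.unpack("!I", body[:4])[0]
        sub = body[4:]
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            yield vendor, vtype, sub[2:vlen]
            sub = sub[vlen:]

def allow_login(packet: bytes, user_groups: set) -> bool:
    """Generic profile: everyone. Secret profile: members of 'secret' only."""
    try:
        wants_secret = any(
            (v, t, val) == (VENDOR_ID, PROFILE_ATTR, SECRET_VALUE)
            for v, t, val in vendor_attrs(packet))
    except ValueError:
        return False                    # fail closed on a packet we cannot parse
    return (not wants_secret) or "secret" in user_groups

def build_request(attrs: bytes) -> bytes:
    """Constructed Access-Request (code 1, id 1, zeroed authenticator)."""
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs

USER_NAME = bytes([1, 5]) + b"bob"      # constructed User-Name attribute
SECRET_VSA = (bytes([26, 11]) + struct.pack("!I", VENDOR_ID)
              + bytes([PROFILE_ATTR, 5]) + SECRET_VALUE)
GENERIC_REQ = build_request(USER_NAME)
SECRET_REQ = build_request(USER_NAME + SECRET_VSA)
```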