Hello
On Fri, May 26, 2000 at 08:22:50AM +1000, Hugh Irvine wrote:
> you can set up DEFAULT/Auth-Type pairs to add the attributes that way. Perhaps
> if you describe your requirements in more detail I can assist in finding the
> best mechanism to use.
Ok. We use LDAP to store our Radius data. A normal LDAP entry looks like:
...
radiususername=8W99999
radiususer-name=8W99999 Long user description for the logfile
radiuspassword=secret
radiusprofile=westend-dynamic-dialup
We have three profiles, used via replaceIfNotExisting:
westend-dynamic-dialup for normal dialups
westend-static-dialup with static IP addresses stored in LDAP
westend-callback-dialup not yet implemented
Now we want to offer our clients VPN support and therefore need to give
the cisco some TACACS+ attributes. As we don't like to use a TACACS server
next to the radius server (we bought for much money :-)) we have to use
cisco-avpair Attributes to give all these parameters via radius.
(Sadly as you know the LDAP function does not allow you to specify more
than one radiuscisco-avpair="something" -> see older mails from me)
So now what. I tried to use the profiles, although that has the drawback
that we have to create an unique profile for every VPN client, but this
would be acceptable. But this didn't work, too. I tried to use \n seperated
values but this lead to no success (see other mail).
If you do not have a good idea I think I'll have to try to hack
the LDAP function to store that attributes in arrays instead of hashes
and therefore allow several attributes with the same name.
> Hugh
bye,
-christian-
--
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet & Security for Professionals Fax 0241/911879
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
