Hi Hugh,

With this box, a client first needs to authenticate the group to
establish an IPsec tunnel, then a username that is a member of the group.
The Altiga makes two authentication requests.

But with the help of a very kind Cisco girl, I'm now able to use
Radiator.

Here are the group and user profiles:
nextra  Password="next4321pw"
        Class="OU=nextra;",
        Altiga-IPSec-Authentication-G="RADIUS",
        Altiga-Tunneling-Protocols-G/U="IPSec"

edoardo Password="edoPW"
        Class="nextra"

And here is the dictionary:
# Altiga vendor attributes
VENDORATTR 3076 Altiga-Access-Hours-G/U 1 string
VENDORATTR 3076 Altiga-Simultaneous-Logins-G/U 2 integer
VENDORATTR 3076 Altiga-Min-Password-Length-G 3 integer
VENDORATTR 3076 Altiga-Allow-Alpha-Only-Passwords-G 4 integer
VENDORATTR 3076 Altiga-Primary-DNS-G 5 ipaddr
VENDORATTR 3076 Altiga-Secondary-DNS-G 6 ipaddr
VENDORATTR 3076 Altiga-Primary-WINS-G 7 ipaddr
VENDORATTR 3076 Altiga-Secondary-WINS-G 8 ipaddr
VENDORATTR 3076 Altiga-SEP-Card-Assignment-G/U 9 integer
VENDORATTR 3076 Altiga-Priority-on-SEP-G/U 10 integer
VENDORATTR 3076 Altiga-Tunneling-Protocols-G/U 11 integer
VENDORATTR 3076 Altiga-IPSec-Sec-Association-G/U 12 string
VENDORATTR 3076 Altiga-IPSec-Authentication-G 13 integer
VENDORATTR 3076 Altiga-IPSec-Banner-G 15 string
VENDORATTR 3076 Altiga-IPSec-Allow-Passwd-Store-G/U 16 integer
VENDORATTR 3076 Altiga-Use-Client-Address-G/U 17 integer
VENDORATTR 3076 Altiga-PPTP-Min-Authentication-G/U 18 integer
VENDORATTR 3076 Altiga-L2TP-Min-Authentication-G/U 19 integer
VENDORATTR 3076 Altiga-PPTP-Encryption-G 20 integer
VENDORATTR 3076 Altiga-L2TP-Encryption-G 21 integer
VENDORATTR 3076 Altiga-IPSec-L2L-Keepalives-G 25 integer
VENDORATTR 3076 Altiga-IPSec-Split-Tunnel-List-G 27 string
VENDORATTR 3076 Altiga-IPSec-Default-Domain-G 28 string
VENDORATTR 3076 Altiga-IPSec-Secondary-Domains-G 29 string
VENDORATTR 3076 Altiga-IPSec-Tunnel-Type-G 30 integer
VENDORATTR 3076 Altiga-IPSec-Mode-Config-G 31 integer
VENDORATTR 3076 Altiga-IPSec-User-Group-Lock-G 33 integer
# Altiga value
VALUE Altiga-Allow-Alpha-Only-Passwords-G Allow 1
VALUE Altiga-Allow-Alpha-Only-Passwords-G Disallow 0
VALUE Altiga-SEP-Card-Assignment-G/U SEP1 1
VALUE Altiga-SEP-Card-Assignment-G/U SEP2 2
VALUE Altiga-SEP-Card-Assignment-G/U SEP3 4
VALUE Altiga-SEP-Card-Assignment-G/U SEP4 8
VALUE Altiga-SEP-Card-Assignment-G/U Any-SEP 15
VALUE Altiga-Priority-on-SEP-G/U High 1
VALUE Altiga-Priority-on-SEP-G/U Med-High 2
VALUE Altiga-Priority-on-SEP-G/U Medium 3
VALUE Altiga-Priority-on-SEP-G/U Med-Low 4
VALUE Altiga-Priority-on-SEP-G/U Low 5
VALUE Altiga-Tunneling-Protocols-G/U PPTP 1
VALUE Altiga-Tunneling-Protocols-G/U L2TP 2
VALUE Altiga-Tunneling-Protocols-G/U IPSec 4
VALUE Altiga-Tunneling-Protocols-G/U L2TP/IPSec 8
VALUE Altiga-Tunneling-Protocols-G/U PPTP-and-IPSec 5
VALUE Altiga-Tunneling-Protocols-G/U All 15
VALUE Altiga-IPSec-Authentication-G None 0
VALUE Altiga-IPSec-Authentication-G RADIUS 1
VALUE Altiga-IPSec-Authentication-G LDAP 2
VALUE Altiga-IPSec-Authentication-G NTDomain 3
VALUE Altiga-IPSec-Authentication-G SDI 4
VALUE Altiga-IPSec-Authentication-G Internal 5
VALUE Altiga-IPSec-Allow-Passwd-Store-G/U Allow 1
VALUE Altiga-IPSec-Allow-Passwd-Store-G/U Disallow 0
VALUE Altiga-Use-Client-Address-G/U Allow 1
VALUE Altiga-Use-Client-Address-G/U Disallow 0
VALUE Altiga-PPTP-Min-Authentication-G/U PAP 1
VALUE Altiga-PPTP-Min-Authentication-G/U CHAP 2
VALUE Altiga-PPTP-Min-Authentication-G/U EAP-MD5 4
VALUE Altiga-PPTP-Min-Authentication-G/U EAP-GTC 8
VALUE Altiga-PPTP-Min-Authentication-G/U EAP-TLS 16
VALUE Altiga-PPTP-Min-Authentication-G/U MSCHAPv1 32
VALUE Altiga-PPTP-Min-Authentication-G/U MSCHAPv2 64
VALUE Altiga-PPTP-Min-Authentication-G/U Default 102
VALUE Altiga-L2TP-Min-Authentication-G/U PAP 1
VALUE Altiga-L2TP-Min-Authentication-G/U CHAP 2
VALUE Altiga-L2TP-Min-Authentication-G/U EAP-MD5 4
VALUE Altiga-L2TP-Min-Authentication-G/U EAP-GTC 8
VALUE Altiga-L2TP-Min-Authentication-G/U EAP-TLS 16
VALUE Altiga-L2TP-Min-Authentication-G/U MSCHAPv1 32
VALUE Altiga-L2TP-Min-Authentication-G/U MSCHAPv2 64
VALUE Altiga-L2TP-Min-Authentication-G/U Default 102
VALUE Altiga-PPTP-Encryption-G 40bit 2
VALUE Altiga-PPTP-Encryption-G 40-Encryption-Req 3
VALUE Altiga-PPTP-Encryption-G 128 4
VALUE Altiga-PPTP-Encryption-G 128-Encryption-Req 5
VALUE Altiga-PPTP-Encryption-G 40-or-128 6
VALUE Altiga-PPTP-Encryption-G 40-or-128-Encry-Req 7
VALUE Altiga-PPTP-Encryption-G 40-Stateless-Req 10
VALUE Altiga-PPTP-Encryption-G 40-Enc/Stateless-Req 11
VALUE Altiga-PPTP-Encryption-G 128-Stateless-Req 12
VALUE Altiga-PPTP-Encryption-G 128-Enc/Stateless-Req 13
VALUE Altiga-PPTP-Encryption-G 40/128-Stateless-Req 14
VALUE Altiga-PPTP-Encryption-G 40/128-Enc/Statls-Req 15
VALUE Altiga-L2TP-Encryption-G 40bit 2
VALUE Altiga-L2TP-Encryption-G 40-Encryption-Req 3
VALUE Altiga-L2TP-Encryption-G 128 4
VALUE Altiga-L2TP-Encryption-G 128-Encryption-Req 5
VALUE Altiga-L2TP-Encryption-G 40-or-128 6
VALUE Altiga-L2TP-Encryption-G 40-or-128-Encry-Req 7
VALUE Altiga-L2TP-Encryption-G 40-Stateless-Req 10
VALUE Altiga-L2TP-Encryption-G 40-Enc/Stateless-Req 11
VALUE Altiga-L2TP-Encryption-G 128-Stateless-Req 12
VALUE Altiga-L2TP-Encryption-G 128-Enc/Stateless-Req 13
VALUE Altiga-L2TP-Encryption-G 40/128-Stateless-Req 14
VALUE Altiga-L2TP-Encryption-G 40/128-Enc/Statls-Req 15
VALUE Altiga-IPSec-L2L-Keepalives-G ON 1
VALUE Altiga-IPSec-L2L-Keepalives-G OFF 0
VALUE Altiga-IPSec-Tunnel-Type-G LAN-to-LAN 1
VALUE Altiga-IPSec-Tunnel-Type-G Remote-Access 2
VALUE Altiga-IPSec-Mode-Config-G ON 1
VALUE Altiga-IPSec-Mode-Config-G OFF 0
VALUE Altiga-IPSec-User-Group-Lock-G ON 1
VALUE Altiga-IPSec-User-Group-Lock-G OFF 0

You can now ship the dictionary.altiga file ;-)

Thank you
Edoardo
Hugh Irvine wrote:
>
> Hello Edoardo -
>
> On Saturday 30 December 2000 01:33, Edoardo Martelli wrote:
> > thank you Matthew
> >
> > but I don't know which attributes the vpn3000 needs to authenticate a
> > group and which ones to authenticate a user.
> > maybe you are in the right place: could you find some examples? I've
> > already searched on cco but I didn't find anything useful.
> >
>
> Just out of interest, what do you mean by a "group"? The Radius protocol only
> handles usernames, passwords and assorted connection attributes, there is no
> concept of a "group".
>
> Maybe you could explain what you are trying to do?
>
> thanks
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
--
[EMAIL PROTECTED]
phone: +39 051 6139242
fax: +39 051 6114455
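
How the group profile's reply items end up on the wire, as an added example that is not part of the original message or of Radiator: it loads a subset of the posted dictionary, encodes an item as an RFC 2865 Vendor-Specific attribute (type 26, vendor 3076) and decodes it back with length checks. The function names are hypothetical, and reading Altiga-Tunneling-Protocols-G/U as bit flags is inferred from the posted values (PPTP-and-IPSec = 5, All = 15).

```python
import struct

# Subset of the dictionary posted above (type joined onto the same line).
DICTIONARY = """\
VENDORATTR 3076 Altiga-Tunneling-Protocols-G/U 11 integer
VENDORATTR 3076 Altiga-IPSec-Authentication-G 13 integer
VENDORATTR 3076 Altiga-IPSec-Banner-G 15 string
VALUE Altiga-Tunneling-Protocols-G/U PPTP 1
VALUE Altiga-Tunneling-Protocols-G/U L2TP 2
VALUE Altiga-Tunneling-Protocols-G/U IPSec 4
VALUE Altiga-Tunneling-Protocols-G/U L2TP/IPSec 8
VALUE Altiga-IPSec-Authentication-G RADIUS 1
"""

def load(text):
    """Return ({name: (vendor, number, type)}, {name: {label: int}})."""
    attrs, values = {}, {}
    for fields in (line.split() for line in text.splitlines()):
        if fields[:1] == ["VENDORATTR"]:
            attrs[fields[2]] = (int(fields[1]), int(fields[3]), fields[4])
        elif fields[:1] == ["VALUE"]:
            values.setdefault(fields[1], {})[fields[2]] = int(fields[3])
    return attrs, values

def encode_vsa(name, value, attrs, values):
    """Build one Vendor-Specific attribute: 26, len, vendor-id, sub-type, sub-len, data."""
    vendor, number, kind = attrs[name]
    if kind == "integer":
        labels = values.get(name, {})
        data = struct.pack("!I", labels[value] if value in labels else int(value))
    else:
        data = value.encode()
    if len(data) > 247:  # 255 octets minus the 8 header octets
        raise ValueError("value too long for a single VSA")
    header = struct.pack("!BBIBB", 26, len(data) + 8, vendor, number, len(data) + 2)
    return header + data

def decode_vsa(raw, attrs):
    """Parse one VSA back to (name, value); reject inconsistent lengths."""
    if len(raw) < 8 or raw[0] != 26 or raw[1] != len(raw) or raw[7] != len(raw) - 6:
        raise ValueError("malformed Vendor-Specific attribute")
    vendor, number = struct.unpack("!IB", raw[2:7])
    match = [(n, k) for n, (v, i, k) in attrs.items() if (v, i) == (vendor, number)]
    if not match:
        raise ValueError("attribute not in dictionary")
    name, kind = match[0]
    return name, (struct.unpack("!I", raw[8:])[0] if kind == "integer" else raw[8:].decode())

def flag_names(name, number, values):
    """Expand a bit-flag integer (Altiga-Tunneling-Protocols-G/U) into its labels."""
    return [label for label, bit in values.get(name, {}).items() if number & bit]

ATTRS, VALUES = load(DICTIONARY)
```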