---------- Forwarded Message ----------
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [Emilie Shoop <[EMAIL PROTECTED]>]
Date: Tue, 21 Jan 2003 10:24:19 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

>From [EMAIL PROTECTED] Tue Jan 21 10:24:18 2003
Received: from mail.ncsa.uiuc.edu (mail.ncsa.uiuc.edu [141.142.2.28])
        by server1.open.com.au (8.11.0/8.11.0) with ESMTP id h0LGOHx13290
        for <[EMAIL PROTECTED]>; Tue, 21 Jan 2003 10:24:18 -0600
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: <[EMAIL PROTECTED]>
Received: from D7YKZ021.ncsa.uiuc.edu (cab-wireless-127.ncsa.uiuc.edu [141.142.102.127])
        by mail.ncsa.uiuc.edu (8.11.6/8.11.6) with ESMTP id h0LLNXk31143
        for <[EMAIL PROTECTED]>; Tue, 21 Jan 2003 15:23:33 -0600
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Tue, 21 Jan 2003 15:23:17 -0600
To: [EMAIL PROTECTED]
From: Emilie Shoop <[EMAIL PROTECTED]>
Subject: Cisco 2611 VPN group authentication
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

I was wondering if anyone had a sample Radiator config. for authenticating
the group information on a Cisco 2611, and subsequently handing out DNS and
WINS information? I have my Radius set up to authenticate the users, but now
would like to move the group information (for the group VPNClients) to the
radius as well.

Here is my Radius config:

# radius.cfg
LogDir /services/radius/log
DbDir /services/radius/conf
BindAddress x.x.x.x
AuthPort 1812
AcctPort 1813
Trace 5

#User
#Group

#For VPN access
<Client x.x.x.x>
        Secret xxxx
</Client>

# For testing: this allows us to honour requests from radpwtst on localhost
<Client localhost>
        Secret mysecret
        DupInterval 0
</Client>

#Look for a Realm with an exact match on the realm name
#look for a matching regular expression Realm
#look for a <Realm DEFAULT>
#look at each Handler in the order they appear

#VPN Authentication x.x.x.x
<Handler NAS-IP-Address = "x.x.x.x">
        <AuthBy FILE>
                Filename %D/vpn_users
        </AuthBy>
</Handler>

#Default Handler for anything not specified above
<Handler>
        <AuthBy FILE>
                #The Filename defaults to %D/users
        </AuthBy>
</Handler>

Here is my Cisco 2611 config.:

CLIENT_VPN#sh run
aaa authentication login userauthen group radius
aaa authorization network groupauthor local
aaa session-id common
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPNClients
 key xxxx
 dns x.x.x.x
 wins x.x.x.x
 domain ncsa.uiuc.edu
 pool ippool
!
!
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set SET1
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
 crypto map clientmap
!
ip local pool ippool x.x.x.x y.y.y.y
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxx
radius-server retransmit 3
call rsvp-sync
!

Thanks,
Emilie

*********************************************************
Emilie Shoop
Network Engineer
[EMAIL PROTECTED]
Phone: 217.244.5407
Cell: 217.649.8514
National Center for Supercomputing Applications
**********************************************************

-------------------------------------------------------

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.