---------- Forwarded Message ----------
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [Emilie
Shoop <[EMAIL PROTECTED]>]
Date: Tue, 21 Jan 2003 10:24:19 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
>From [EMAIL PROTECTED] Tue Jan 21 10:24:18 2003
Received: from mail.ncsa.uiuc.edu (mail.ncsa.uiuc.edu [141.142.2.28])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id h0LGOHx13290
for <[EMAIL PROTECTED]>; Tue, 21 Jan 2003 10:24:18 -0600
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: <[EMAIL PROTECTED]>
Received: from D7YKZ021.ncsa.uiuc.edu (cab-wireless-127.ncsa.uiuc.edu
[141.142.102.127]) by mail.ncsa.uiuc.edu (8.11.6/8.11.6) with ESMTP id
h0LLNXk31143
for <[EMAIL PROTECTED]>; Tue, 21 Jan 2003 15:23:33 -0600
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Tue, 21 Jan 2003 15:23:17 -0600
To: [EMAIL PROTECTED]
From: Emilie Shoop <[EMAIL PROTECTED]>
Subject: Cisco 2611 VPN group authentication
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
I was wondering if anyone had a sample Radiator config. for authenticating
the group information on a Cisco 2611, and subsequently handing out DNS and
WINS information?
I have my Radius set up to authenticate the users, but now would like to
move the group information (for the group VPNClients) to the radius as well.
Here is my Radius config:
# radius.cfg
LogDir /services/radius/log
DbDir /services/radius/conf
BindAddress x.x.x.x
AuthPort 1812
AcctPort 1813
Trace 5
#User
#Group
#For VPN access
<Client x.x.x.x>
Secret xxxx
</Client>
# For testing: this allows us to honour requests from radpwtst on localhost
<Client localhost>
Secret mysecret
DupInterval 0
</Client>
#Look for a Realm with an exact match on the realm name
#look for a matching regular expression Realm
#look for a <Realm DEFAULT>
#look at each Handler in the order they appear
#VPN Authentication x.x.x.x
<Handler NAS-IP-Address = "x.x.x.x">
<AuthBy FILE>
Filename %D/vpn_users
</AuthBy>
</Handler>
#Default Handler for anything not specified above
<Handler>
<AuthBy FILE>
#The Filename defaults to %D/users
</AuthBy>
</Handler>
Here is my Cisco 2611 config.:
CLIENT_VPN#sh run
aaa authentication login userauthen group radius
aaa authorization network groupauthor local
aaa session-id common
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPNClients
key xxxx
dns x.x.x.x
wins x.x.x.x
domain ncsa.uiuc.edu
pool ippool
!
!
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set SET1
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
crypto map clientmap
!
ip local pool ippool x.x.x.x y.y.y.y
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxx
radius-server retransmit 3
call rsvp-sync
!
Thanks,
Emilie
*********************************************************
Emilie Shoop Network Engineer
[EMAIL PROTECTED]
Phone: 217.244.5407 Cell: 217.649.8514
National Center for Supercomputing Applications
**********************************************************
-------------------------------------------------------
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
