Re: Cisco VPN 3000 experience
On Wed, 19 Nov 2003 16:49:22 -0500 Dan Didier [EMAIL PROTECTED] wrote:

> Do you use group functions, or is everyone in the base group?
>
> Thanks,
> Dan

I am using FreeRadius with the VPN 3000. I have groups authenticating in the concentrator and user authentication through radius. The down side to this is that you can not lock users into a group and must rely on the group settings in the client for security.

--
Bill Thompson
[EMAIL PROTECTED]
GPG Key ID:0xFB966670

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco VPN 3000 experience
On Thu, 20 Nov 2003, Bill Thompson wrote:

> On Wed, 19 Nov 2003 16:49:22 -0500 Dan Didier [EMAIL PROTECTED] wrote:
>
> > Do you use group functions, or is everyone in the base group?
> >
> > Thanks,
> > Dan
>
> I am using FreeRadius with the VPN 3000. I have groups authenticating in the concentrator and user authentication through radius. The down side to this is that you can not lock users into a group and must rely on the group settings in the client for security.
>
> --
> Bill Thompson
> [EMAIL PROTECTED]
> GPG Key ID:0xFB966670

You can lock them in using the Class attribute. Example reply would include

    Class = OU=thisgroup.com;

Check out http://www.cisco.com/warp/public/471/altigagroup.html

It shows you how.
Re: Cisco VPN 3000 experience
I have two 3005s and a 3015 that authenticate users via Freeradius. It just works right out of the box. I'm using our central LDAP directory that already contains user authentication info.

-Tom

On Wed, Nov 19, 2003 at 03:46:18PM -0500, Dan Didier wrote:

> Hi list,
>
> I was wondering what people's experiences have been with using FreeRadius with the cisco VPN 3000 concentrator. Are there any documents outlining this?
>
> Thanks,
> Dan

--
Tom Miller, System Administrator | 5700 SW 34th St. Suite 1235
Info Tech, Inc.                  | Gainesville, FL 32608
                                 | (352)381-4400 Voice
[EMAIL PROTECTED]                | (352)381- Fax
RE: Cisco VPN 3000 experience
Do you use group functions, or is everyone in the base group?

Thanks,
Dan

-----Original Message-----
From: Tom Miller [mailto:[EMAIL PROTECTED]
Sent: Wed 11/19/2003 4:14 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: Cisco VPN 3000 experience

I have two 3005s and a 3015 that authenticate users via Freeradius. It just works right out of the box. I'm using our central LDAP directory that already contains user authentication info.

-Tom

On Wed, Nov 19, 2003 at 03:46:18PM -0500, Dan Didier wrote:

> Hi list,
>
> I was wondering what people's experiences have been with using FreeRadius with the cisco VPN 3000 concentrator. Are there any documents outlining this?
>
> Thanks,
> Dan

--
Tom Miller, System Administrator | 5700 SW 34th St. Suite 1235
Info Tech, Inc.                  | Gainesville, FL 32608
                                 | (352)381-4400 Voice
[EMAIL PROTECTED]                | (352)381- Fax

winmail.dat
Re: Cisco VPN 3000 experience
Dan Didier [EMAIL PROTECTED] wrote:

> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: base64

Please fix your mailer to send text as text, instead of encoding it.

> Content-Type: application/ms-tnef; name=winmail.dat

Please also fix your mailer to not send garbage to the list.

Alan DeKok.
Re: Cisco VPN 3000 experience
On Wed, 19 Nov 2003, Dan Didier wrote:

> Hi list,
>
> I was wondering what people's experiences have been with using FreeRadius with the cisco VPN 3000 concentrator. Are there any documents outlining this?
>
> Thanks,
> Dan

We use it with freeradius and ldap as a backend. We use the radiusclass attribute, which will lock the user into the group that we provision them to, regardless of the group they put in their vpn client. They will still need a valid group/password in the client to authenticate.

An example reply item for the user [EMAIL PROTECTED] would be

    Radius-Class = OU=mydomain.com;

Must have the OU capital and the ; at the end.

Check out: http://www.cisco.com/en/US/tech/tk583/tk547/technologies_configuration_example09186a00800946a2.shtml for more info.
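
An added example, not part of any poster's message or of the FreeRADIUS or Cisco documentation: a Python check that audits FreeRADIUS `users`-file style entries for the Class reply value the thread describes (capital `OU=`, trailing `;`), flagging users who are not locked into a group. The flat-file layout, the sample entries and the names `parse_users` and `audit_class_lock` are assumptions made for illustration; the last poster's setup keeps the value in LDAP instead.

```python
import re

# Value format described in the thread: capital "OU=", a group name, trailing ";".
CLASS_LOCK = re.compile(r"OU=[^;]+;")

# Constructed sample in "users"-file layout (assumption, not from the thread).
SAMPLE_USERS = '''\
alice   Cleartext-Password := "constructed-1"
        Service-Type = Framed-User,
        Class = "OU=mydomain.com;"

bob     Cleartext-Password := "constructed-2"
        Class = "ou=mydomain.com;"

carol   Cleartext-Password := "constructed-3"
        Class = "OU=mydomain.com"

dave    Cleartext-Password := "constructed-4"
        Service-Type = Framed-User
'''

def parse_users(text):
    """Return {username: {reply_attribute: value}} from users-file text."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # entry header: user name + check items
            current = line.split()[0]
            users[current] = {}
        elif current is not None:      # indented line: comma-separated reply items
            for item in line.strip().rstrip(",").split(","):
                m = re.match(r'\s*([\w-]+)\s*[:+]?=\s*"?([^"]*)"?\s*$', item)
                if m:
                    users[current][m.group(1)] = m.group(2)
    return users

def audit_class_lock(text):
    """Map each user to 'locked', 'malformed' or 'missing'."""
    result = {}
    for user, reply in parse_users(text).items():
        value = reply.get("Class")
        if value is None:
            result[user] = "missing"    # group is whatever the VPN client sends
        elif CLASS_LOCK.fullmatch(value):
            result[user] = "locked"
        else:
            result[user] = "malformed"  # e.g. lowercase "ou=" or no trailing ";"
    return result

if __name__ == "__main__":
    for user, status in audit_class_lock(SAMPLE_USERS).items():
        print(f"{user}: {status}")
```
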