RE: Cisco VPN3005 group auth
I was able to get both the group and user authenticated on the Radius server now but there is no matching of the user to the group. This user can login using any group, not just the one I want them to use. How does the radius server match / check the user to the group?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco VPN3005 group auth
John Sorel wrote:
> I was able to get both the group and user authenticated on the Radius server now but there is no matching of the user to the group. This user can login using any group, not just the one I want them to use. How does the radius server match / check the user to the group?

Sorry for jumping in late on this, but last information I have is that there is an open bug with Cisco for their VPN concentrators not obeying groups when RADIUS authentication is used. I don't have a TAC case # for this - we got this information at a recent technical summit.

HTH,
Craig

--
/ Craig Huckabee        | e-mail: [EMAIL PROTECTED]  /
/ Code 715-CH           | phone: (843) 218 5653      /
/ SPAWAR Systems Center | close proximity: Hey You!  /
/ Charleston, SC        | ICBM: 32.78N, 79.93W       /

RE: Cisco VPN3005 group auth
On Wed, 18 May 2005, John Sorel wrote:
> I was able to get both the group and user authenticated on the Radius server now but there is no matching of the user to the group. This user can login using any group, not just the one I want them to use. How does the radius server match / check the user to the group?

I believe you can lock them into a group with the class attribute in your reply items. Such as.

Class = "OU=somegroup.com;"

I remember it being important that either the OU is in uppercase or the ; is between the "s, so try it with both.

RE: Cisco VPN3005 group auth
On Wed, 18 May 2005, Dustin Doris wrote:
> On Wed, 18 May 2005, John Sorel wrote:
>> I was able to get both the group and user authenticated on the Radius server now but there is no matching of the user to the group. This user can login using any group, not just the one I want them to use. How does the radius server match / check the user to the group?
>
> I believe you can lock them into a group with the class attribute in your reply items. Such as.
>
> Class = "OU=somegroup.com;"
>
> I remember it being important that either the OU is in uppercase or the ; is between the "s, so try it with both.

Found my old link about it.

http://www.cisco.com/warp/public/471/altigagroup.html
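
An audit sketch for the Class-based group lock suggested in this thread, added here as an example and not code from the list or from FreeRADIUS: it parses text in the `users` file layout and reports which entries have no `Class = "OU=...;"` reply item, or have one without the uppercase `OU` and the `;` inside the quotes. The sample users, passwords, and the function names `parse_users` and `audit` are assumptions made for illustration.

```python
import re

# Constructed sample in FreeRADIUS "users" file layout: an entry starts in
# column 0 with the user name and check items; indented lines are reply items.
SAMPLE_USERS = '''\
alice   Cleartext-Password := "example-only"
        Service-Type = Framed-User,
        Class = "OU=somegroup.com;"

bob     Cleartext-Password := "example-only"
        Service-Type = Framed-User

# lowercase "ou" and no trailing ";": the details the post says matter
carol   Cleartext-Password := "example-only"
        Class = "ou=somegroup.com"
'''

ITEM = re.compile(r'([\w-]+)\s*[:+]?=\s*("[^"]*"|[^,\s]+)')
LOCK = re.compile(r'^OU=[^;"]+;$')  # uppercase OU, ';' inside the quotes


def parse_users(text):
    """Return {user: {reply_attribute: value}} for each entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        if not raw[0].isspace():          # new entry: name + check items
            current = entries.setdefault(raw.split()[0], {})
        elif current is not None:         # indented: reply items
            for attr, value in ITEM.findall(raw):
                current[attr] = value.strip('"')
    return entries


def audit(text):
    """Classify each user as 'locked', 'malformed' or 'unlocked'."""
    result = {}
    for user, reply in parse_users(text).items():
        cls = reply.get('Class')
        if cls is None:
            result[user] = 'unlocked'     # no Class reply item at all
        elif LOCK.match(cls):
            result[user] = 'locked'
        else:
            result[user] = 'malformed'    # Class present but not OU=...;
    return result


if __name__ == '__main__':
    for user, state in audit(SAMPLE_USERS).items():
        print(f'{user}: {state}')
```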