"Alan DeKok" <[EMAIL PROTECTED]> wrote: > "Kellogg, Chris" <[EMAIL PROTECTED]> wrote: > > I have a Cisco VPN device and a Cisco RAS device. Each is in a > > different subnet with different requirements and options, > but both use > > the same username/password to connect (Usernames are universal for > > remote access). Either I'm failing to recognize how I would pass > > group/realm information from these devices to the RADIUS server or > > neither appears to have that capability. > > You don't. You use the Client-IP-Address attribute to tell > where the RADIUS request came from. > > e.g. > > DEFAULT Client-IP-Address == 127.0.0.1 > Reply-Message += "You came from localhost", > Fall-Through = Yes >
I'm looking at a scheme where I use huntgroups to do a similar thing, where I need to separate dial and dsl users and search for each in separate trees in our LDAP database so that I can return different radius profiles for each type of user depending on the product they've purchased, and the type of service (dial/dsl). Each user may be in both trees, depending on the products he/she has purchased.

So in huntgroups I have something like:

    dsl     NAS-IP-Address == 127.0.0.1
    dsl     NAS-IP-Address == 127.0.0.2
    dsl     NAS-IP-Address == 127.0.0.3
    dialip  NAS-IP-Address == 127.0.0.11
    dialip  NAS-IP-Address == 127.0.0.12
    dialip  NAS-IP-Address == 127.0.0.13

And in users:

    DEFAULT Huntgroup-Name == "dsl"
            Fall-Through = Yes

    DEFAULT Huntgroup-Name == "dialip"
            Fall-Through = Yes

And finally, in radiusd.conf in my ldap module configuration:

    basedn = "ou=%{Huntgroup-Name},ou=users,o=blah,c=au"

Just another possible option on top of Alan's reply...

regards,

Mike
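The huntgroup-to-basedn mapping described in the message above, as an added example that is not part of the original thread or of FreeRADIUS: a small offline check that resolves a NAS-IP-Address to its huntgroup and expands the LDAP search base. It assumes the first matching huntgroups entry wins and that a NAS listed in no huntgroup would leave `%{Huntgroup-Name}` empty; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample mirroring the huntgroups entries quoted in the message.
HUNTGROUPS = """\
dsl     NAS-IP-Address == 127.0.0.1
dsl     NAS-IP-Address == 127.0.0.2
dsl     NAS-IP-Address == 127.0.0.3
dialip  NAS-IP-Address == 127.0.0.11
dialip  NAS-IP-Address == 127.0.0.12
dialip  NAS-IP-Address == 127.0.0.13
"""
BASEDN = "ou=%{Huntgroup-Name},ou=users,o=blah,c=au"
ENTRY = re.compile(r"^(\S+)\s+NAS-IP-Address\s*==\s*(\S+)\s*$")

def parse_huntgroups(text):
    """Return ({nas_ip: group}, [problems]) for single-check entries."""
    table, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = ENTRY.match(line)
        try:
            group, ip = m.group(1), str(ipaddress.ip_address(m.group(2)))
        except (AttributeError, ValueError):
            problems.append(f"line {n}: unsupported entry {line!r}")
            continue
        if table.get(ip, group) != group:
            problems.append(f"line {n}: {ip} is already in {table[ip]!r}")
        table.setdefault(ip, group)  # assumption: first matching entry wins
    return table, problems

def search_base(nas_ip, table, template=BASEDN):
    """Expand basedn for a request, or None when the NAS is in no huntgroup."""
    group = table.get(str(ipaddress.ip_address(nas_ip)))
    if group is None:
        return None  # the template would otherwise become "ou=,ou=users,..."
    return template.replace("%{Huntgroup-Name}", group)

if __name__ == "__main__":
    table, problems = parse_huntgroups(HUNTGROUPS)
    for ip in ("127.0.0.2", "127.0.0.12", "127.0.0.99"):
        print(ip, "->", search_base(ip, table) or "no huntgroup: do not search")
    print("problems:", problems or "none")
```

The unmapped case is the one to handle explicitly in the server policy, since every request that reaches the ldap module is searched under whatever the expanded basedn turns out to be.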