"Alan DeKok" <[EMAIL PROTECTED]> wrote:
> "Kellogg, Chris" <[EMAIL PROTECTED]> wrote:
> > I have a Cisco VPN device and a Cisco RAS device. Each is in a
> > different subnet with different requirements and options, but both use
> > the same username/password to connect (Usernames are universal for
> > remote access). Either I'm failing to recognize how I would pass
> > group/realm information from these devices to the RADIUS server or
> > neither appears to have that capability.
>
> You don't. You use the Client-IP-Address attribute to tell
> where the RADIUS request came from.
>
> e.g.
>
> DEFAULT Client-IP-Address == 127.0.0.1
>         Reply-Message += "You came from localhost",
>         Fall-Through = Yes
>
I'm looking at a scheme where I use huntgroups to do a similar thing, where
I need to separate dial and dsl users and search for each in separate
trees in our LDAP database so that I can return different radius
profiles for each type of user depending on the product they've
purchased, and the type of service (dial/dsl). Each user may be in both
trees, depending on the products he/she has purchased.

So in huntgroups I have something like:

dsl     NAS-IP-Address == 127.0.0.1
dsl     NAS-IP-Address == 127.0.0.2
dsl     NAS-IP-Address == 127.0.0.3
dialip  NAS-IP-Address == 127.0.0.11
dialip  NAS-IP-Address == 127.0.0.12
dialip  NAS-IP-Address == 127.0.0.13

And in users:

DEFAULT Huntgroup-Name == "dsl"
        Fall-Through = Yes

DEFAULT Huntgroup-Name == "dialip"
        Fall-Through = Yes

And finally, in radiusd.conf in my ldap module configuration:

basedn = "ou=%{Huntgroup-Name},ou=users,o=blah,c=au"

Just another possible option on top of Alan's reply...

regards,
Mike
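
Added example, not part of the message above and not FreeRADIUS code: an offline Python check that models the huntgroups-to-basedn mapping described in the message, so a NAS listed in no huntgroup (or in two) is caught before the LDAP search base is built from Huntgroup-Name. The function names parse_huntgroups and basedn_for are hypothetical, the sample entries are constructed from the ones in the message, and only single NAS-IP-Address checks per line are handled.

```python
import re

# Constructed sample mirroring the huntgroups entries in the message above.
HUNTGROUPS = """\
dsl     NAS-IP-Address == 127.0.0.1
dsl     NAS-IP-Address == 127.0.0.2
dialip  NAS-IP-Address == 127.0.0.11
"""
BASEDN = "ou=%{Huntgroup-Name},ou=users,o=blah,c=au"
LINE = re.compile(r"^(\S+)\s+NAS-IP-Address\s*==\s*(\S+)\s*$")


def parse_huntgroups(text):
    """Return ({nas_ip: huntgroup}, [problems]) for simple one-check entries."""
    table, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            problems.append(f"line {n}: unsupported entry")
            continue
        group, ip = m.groups()
        # The same NAS in two groups makes the LDAP subtree ambiguous.
        if table.get(ip, group) != group:
            problems.append(f"line {n}: {ip} is in both {table[ip]} and {group}")
            continue
        table[ip] = group
    return table, problems


def basedn_for(nas_ip, table, template=BASEDN):
    """Expand the template for a NAS, or return None if it has no huntgroup."""
    group = table.get(nas_ip)
    if group is None:
        return None  # no Huntgroup-Name: reject rather than search a bad base DN
    return template.replace("%{Huntgroup-Name}", group)


if __name__ == "__main__":
    table, problems = parse_huntgroups(HUNTGROUPS)
    for ip in ("127.0.0.1", "127.0.0.11", "10.0.0.1"):
        print(ip, "->", basedn_for(ip, table))
    print("problems:", problems)
```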