basically, you just need to follow the cisco docs for your software
version (you need 6.0 or higher).

the only piece of info that's not outlined in the docs is how to pass the
access-list back to the pix for each user.

for me, all i needed was

Reply-Message = "acl=xxx"

for each user where xxx is the number of your access list.

good luck-

dan

> I'm trying to set a configuration with a PIX firewall as an authentication
> gateway, relying on a freeradius server, which picks up users in an LDAP
> directory.
> I'd like to be able to:
> - pass access-list numbers according to radius groups (based on LDAP groups)
> to the PIX,
> - assign a dynamic IP address (to be passed to the PIX ??) chosen from an
> address pool, defined against groups (Radius or LDAP groups),
> - and finally, be able to pass to the final client through the PIX
> information such as WINS and DNS servers ...
>
> Big task, ain't it? :)
>
> So, as this has to be completed as soon as possible, any help, suggestions,
> comments, or, best of all, config samples really appreciated.
>
> Thx to all of you,
> Pierre.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html