I had the same problem, but I'm not sure if I understood you correctly - however:
I'm using a VPN 3k series Concentrator towards freeradius v.0.5.
Attribute 25 was the key, in users you can add i.e.:
DEFAULT Realm == "student.uit.no"
        Reply-Message = "blablabla..",
        Class = "OU=student.uit.no;"
Then on the Cisco box, lock users to group.
If not using realms like me, you may try and set attr25 (Class) depending on the
group-ID received from your NAS!
- Erling
On Sat, Apr 13, 2002 at 12:57:53PM +0200, Tobias Persson, The Induhvidual, scrabbled:
> Hello, I use version:0.5 together with a Cisco AAA server.
> We authenticate users with the system password file on the radius. This
> works fine.
> We want to have all users in the system but we want some to have special
> restrictions.
>
> The problem is that everyone can enter each-others groups.
> We need some type of group lock function like the attribute 25.
> I have tried to bind user's names in the system password file to different
> groups in the users file.
> For example, user "adam" with password ***** is present in the system
> password file. In the users file I have tried
> to bind "adam" to a group but that he still is authenticated to the system
> password file. This has not worked so I am wondering
> if this is the right way to tackle the problem??
>
> My second question is:
> What do I need to do for the radius server to return Cisco's radius
> attribute to the Cisco server???
>
> Best regards, Tobias
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
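
Added example, not part of the original thread and not FreeRADIUS code: a small audit that reads a users file and reports entries whose reply list has no Class (attribute 25) item, or one not in the OU=<group>; form shown in the reply above, since those users are the ones the concentrator cannot lock to a group. The sample file, the accounts "adam" and "eve", and the rule that the value must end in ";" are assumptions taken from the thread's example.

```python
import re

# Constructed sample users file (not from the original post). "adam" and "eve"
# are hypothetical system accounts; only the DEFAULT entry mirrors the reply.
SAMPLE_USERS = '''\
# group-locked by realm, as in the reply above
DEFAULT Realm == "student.uit.no"
        Reply-Message = "blablabla..",
        Class = "OU=student.uit.no;"

adam    Auth-Type := System
        Class = "OU=staff"

eve     Auth-Type := System
        Reply-Message = "hello"
'''

# Assumption from the thread's example: value is OU=<group> terminated by ';'.
CLASS_FORMAT = re.compile(r'^OU=[^;"]+;$')
REPLY_ITEM = re.compile(r'([\w-]+)\s*[:+]?=\s*"?([^",]*)"?')

def parse_users(text):
    """Yield (name, check_items, {reply_attr: value}) per users-file entry."""
    entry = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith('#'):
            continue                        # skip blank lines and comments
        if not raw[0].isspace():            # column 0 starts a new entry
            if entry:
                yield entry
            parts = line.split(None, 1)
            entry = (parts[0], parts[1] if len(parts) > 1 else '', {})
        elif entry:                         # indented lines hold reply items
            for attr, value in REPLY_ITEM.findall(line):
                entry[2][attr] = value
    if entry:
        yield entry

def audit_group_lock(text):
    """Return {entry name: problem} for entries that cannot be group-locked."""
    problems = {}
    for name, _checks, reply in parse_users(text):
        if 'Class' not in reply:
            problems[name] = 'no Class (attribute 25) reply item'
        elif not CLASS_FORMAT.match(reply['Class']):
            problems[name] = 'Class is not in the OU=<group>; form'
    return problems
```

Calling audit_group_lock() on the contents of a real users file returns a dictionary keyed by entry name; an empty dictionary means every entry returns a Class value in the expected form.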