"Jason Lixfeld" <[EMAIL PROTECTED]> wrote: > I have a pretty generic setup where DSL users authenticate > against my Freeradius system. The entry for each DSL customer has > rather generic reply items such as Framed-IP-Address, Framed-IP-Netmask, > Framed-Protocol and Service-Type. What I want to do is use the same > username and password check item that authenticates DSL users to > authenticate an IPSec tunnel. My concern is that the reply items > normally used to configure the DSL CPE will conflict with the IPSec > client. What I'm wondering is if it is possible to tell FreeRadius to > not send back any reply items if it's an IPSec tunnel (this would be > determined by huntgroups, most likely).
I don't think that's what you want. I *think* you want it to send *different* reply items (even if that reply list is empty). Looking at the problem that way should allow you to come up with a different approach to the problem. So rather than adding garbage items, and then deleting them, you want to configure it to NOT add those items in the first place. If the reply items are unique for every user, then this can become difficult. If the reply items are the same for all users, then it shouldn't be too hard. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
