Hi.
I have seen this in the archives a few times, but I have not been able to get it to
work.
I am using FreeRADIUS 0.7.1.
I am using a Cisco PIX 515 firewall with the 6.2(2) software. I am authenticating VPN
accounts with RADIUS and that is working. I would like to use per-user access lists.
Cisco seems to list a few ways of doing it. It looks like the following in the users
file should work:
    test1   User-Password == "password"
            Filter-Id = "101"

or

    test1   User-Password == "password"
            Reply-Message = "acl=101"

I set 'no sysopt connection permit-pptp'.
It seems not to be accepting the ACL. 'show uauth' does not list it.
Should I be using Auth-Type:=MS-CHAP?
Where does the PIX have to be listed? clients? naslist? naspasswd? (For now I am not
checking simultaneous logins. Authentication is working.)
I see the attributes coming in to the PIX when I show debug radius.
Should I have with_cisco_vsa_hack = yes?
I have an access-list 101.
Thanks in advance.