Has anyone had any success with integrating Netscreen Group authentication with FreeRadius? I'm able to authenticate the individual user account, but the minute I try to put the users in the various groups, the authentication fails with a "...belongs to a different group in the RADIUS server than one allowed in the device" error.
---------- Original Message ----------- From: "freeradius" <[EMAIL PROTECTED]> To: [email protected] Sent: Fri, 25 Nov 2005 08:27:09 -0500 Subject: Freeradius and Netscreen VPN Authentication > Greetings, > > I've been attempting to get freeradius-1.0.2-2 on Fedora core 4 to send the > correct > authentication information to my Netscreen VPN device. my test user > information within the /etc/raddb/users file consists of: > > freeradius Auth-Type := Accept, Password=abcd1234, Ns-User-Group == > Some_Secure_grp > > --------- > > When I remove the user-group "Some_Secure_grp" from the following Netscreen > configuration line, I'm able to connect if I remove "Ns-User-Group == > Some_Secure_grp" > from the configuration line from raddb's users file. > > set ike gateway "GATEWAY-SOME_SECURE_GRP" xauth server "FreeRadius" user-group > "Some_Secure_grp" > > --------- > > If I attempt to utilize group authentication, I recieve the following > information in my event log on the Netscreen device: > > 2005-11-23 14:31:56 system notif 00767 User freeradius belongs to a different > group in the RADIUS server than one > allowed in the device > > --------- > > If anyone has any ideas, Id greatly appreciate it. Juniper doesn't really > have many people on their staff that has in depth experience with freeradius. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ------- End of Original Message ------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
