Hi folks,
My environment:
I do AAA with freeradius as a radius-proxy in combination with ms-ias (only
for the passwords ;-) ) for a cisco asa 5540-box, which is similar to a cisco
pix firewall.
In the future we will have many, many entries for users with the same
Cisco-AVPairs:
USER1   Proxy-To-Realm := IAS
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq domain",
        Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq domain",
        Cisco-AVPair += "ip:inacl# = permit tcp any host A.B.C.D eq 264",
        Cisco-AVPair += "ip:inacl# = permit tcp any host A.B.C.D eq 443",
        Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq isakmp",
        Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq 2746",
        Cisco-AVPair += "ip:inacl# = permit esp any host A.B.C.D",
        Cisco-AVPair += "ip:inacl# = deny tcp any any",
        Cisco-AVPair += "ip:inacl# = deny udp any any",
        Fall-Through = 0
Is it possible to group the user entries and then give them the special
profile with the AVPairs?
If not, what could be another good workaround for this problem?
thanks
marco
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html