Sander van Loosbroek wrote:
> Hello,
>
> I have successfully set up Freeradius that comes with Mac OS X Server 10.6 to
> authenticate WebVPN users on a Cisco IOS router. Now I'm trying to parse the
> webvpn:user-vpn-group attribute to the Cisco so I can set up different WebVPN
> policies. I run into 2 problems:
>
> 1) There doesn't seem to be a dictionary for Cisco's Webvpn. There are some
> for the VPN concentrator series but these are not compatible with Cisco's IOS.
> Does that mean I have to build my own? The attribute value-pairs are listed
> here:
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac3a.html

That page explains how to use those attributes. They go into the
Cisco-AVPair attribute, just like nearly all of the other Cisco attributes:

    Cisco-AVPair := "webvpn:urllist-name=cisco"

> 2) I can't find out how to connect the group name value from OpenDirectory to
> an attribute. The rlm_opendirectory module does check for a group (to see if
> it's allowed to use the Radius service) but it's unclear to me how to grab
> that value and use it as an attribute.

You should be able to use LDAP to query OpenDirectory.

Alan DeKok.
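
An added example, not part of the original thread: one way to combine the two answers above, mapping an LDAP group lookup to the `webvpn:user-vpn-group` value carried in Cisco-AVPair. It assumes a FreeRADIUS version with unlang (2.x or later) and an ldap module configured with a group membership filter; the group names and policy group names are hypothetical.

```unlang
# Added example, not from the original thread.
# Hypothetical names: LDAP groups "vpn-staff" and "vpn-contractors",
# WebVPN policy groups "staff-policy" and "contractor-policy".
# Assumes the ldap module points at the OpenDirectory LDAP service and
# has its group membership filter configured, so that Ldap-Group
# comparisons can be evaluated.
post-auth {
    if (Ldap-Group == "vpn-staff") {
        update reply {
            Cisco-AVPair += "webvpn:user-vpn-group=staff-policy"
        }
    }
    elsif (Ldap-Group == "vpn-contractors") {
        update reply {
            Cisco-AVPair += "webvpn:user-vpn-group=contractor-policy"
        }
    }
    else {
        # No matching group: refuse the session instead of letting the
        # user fall through to whatever default policy the router applies.
        reject
    }
}
```

The explicit `else` branch keeps policy assignment fail-closed: a directory account that authenticates but belongs to none of the mapped groups gets an Access-Reject rather than an unscoped WebVPN session.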