On Thu, Nov 19, 2020 at 02:18:26PM +1030, Brett Lymn wrote:
> On Thu, Nov 19, 2020 at 07:08:38AM +1030, Brett Lymn wrote:
> >
> > I will dig up the document I wrote about the setup. My fuzzy memory is
> > that there were no hacks required.
>
> Little wonder my memory was fuzzy - I did this 13 years ago. I found
> the documentation. I did use a radius server as the backend auth along
> with a self-signed certificate for hybrid rsa-xauth.
>
> Unfortunately, the document I have is not generic and contains some
> confidential details but I am happy to provide sanitised snippets to
> help out.
>
> Below is the racoon.conf, if you need to see the radiusd.conf I have
> that too but it is fairly long.
>
> This is the racoon.conf, there were 3 classes of users, the data entry
> people, admin staff and developers. The radius server was used to map
> the user to the appropriate class depending on group membership:

Thanks, I think this will help. We already have radius servers, so I should
be able to deal with this part. racoon is the problem for me, I didn't find
much documentation about it ...

--
Manuel Bouyer <bou...@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--