Hello Emilie -
If the Cisco can be configured to do group authentication with radius, then it should be possible to use Radiator to deal with the requests.
If you run Radiator at trace 4 you will be able to see the incoming requests and then you can configure accordingly.
The simplest way to do this sort of debugging is to run radiusd from the command line and watch the log messages:
perl radiusd -foreground -log_stdout -trace 4 -config_file ......
If you send me a copy of the trace 4 I will try to help.
regards
Hugh
I was wondering if anyone had a sample Radiator config. for authenticating
the group information on a Cisco 2611, and subsequently handing out DNS and
WINS information?
I have my Radius set up to authenticate the users, but now would like to
move the group information (for the group VPNClients) to the radius as well.
Here is my Radius config:
# radius.cfg
LogDir /services/radius/log
DbDir /services/radius/conf
BindAddress x.x.x.x
AuthPort 1812
AcctPort 1813
Trace 5
#User
#Group
#For VPN access
<Client x.x.x.x>
Secret xxxx
</Client>
# For testing: this allows us to honour requests from radpwtst on localhost
<Client localhost>
Secret mysecret
DupInterval 0
</Client>
#Look for a Realm with an exact match on the realm name
#look for a matching regular expression Realm
#look for a <Realm DEFAULT>
#look at each Handler in the order they appear
#VPN Authentication x.x.x.x
<Handler NAS-IP-Address = "x.x.x.x">
<AuthBy FILE>
Filename %D/vpn_users
</AuthBy>
</Handler>
#Default Handler for anything not specified above
<Handler>
<AuthBy FILE>
#The Filename defaults to %D/users
</AuthBy>
</Handler>
Here is my Cisco 2611 config.:
CLIENT_VPN#sh run
aaa authentication login userauthen group radius
aaa authorization network groupauthor local
aaa session-id common
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPNClients
key xxxx
dns x.x.x.x
wins x.x.x.x
domain ncsa.uiuc.edu
pool ippool
!
!
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set SET1
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
crypto map clientmap
!
ip local pool ippool x.x.x.x y.y.y.y
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxx
radius-server retransmit 3
call rsvp-sync
!
Thanks,
Emilie
*********************************************************
Emilie Shoop Network Engineer
[EMAIL PROTECTED]
Phone: 217.244.5407 Cell: 217.649.8514
National Center for Supercomputing Applications
**********************************************************
-------------------------------------------------------
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
