Hi Lei,
you can simple extend your existing users file.
If it looks like this at the moment:
testuser Password = “test-password”
User-Server-Type = Login-User
Class = TESTUSER-GRP_POLICY
You can change it to
testuser Auth-Type = Perl
User-Server-Type = Login-User
Class = TESTUSER-GRP_POLICY
In my setup I had to remove the User-Server-Type and had a users entry
like
corny Auth-Type = Perl
Class = TESTUSER-GRP_POLICY
And was able to authenticate like this:
root@puckel:~/TEST# echo “User-Name=corny, Password=rightPassword” |
radclient -s 127.0.0.1 auth test
Received response ID 246, code 2, length = 69
Reply-Message = “privacyIDEA access granted”
Class = 0x54455354555345522d4752505f504f4c494359
Total approved auths: 1
Total denied auths: 0
Total lost auths: 0
This way you get all the VPs in your response.
Kind regards
CorneliusAm Freitag, den 09.10.2015, 22:42 -0700 schrieb lei xiao:
Cisco’s VPN, have different policy-group. Different users belonging to different policy-group.
If use simple authentication ways,i need configuration file /etc/freeradius/users like this:
CISCO :
access-list TESTUSER_ACL standard permit 192.168.1.0 255.255.255.0
access-list TESTUSER_ACL standard permit 192.168.2.0 255.255.255.0
group-policy TESTUSER-GRP_POLICY internal
group-policy TESTUSER-GRP_POLICY attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value TESTUSER_ACL
FREERADIUS : /etc/freeradius/users
testuser Password = “test-password”
User-Server-Type = Login-User
Class = TESTUSER-GRP_POLICY
But use Privacyidea , Freeradius User configuration line this:
root@ubuntu:/etc/freeradius# cat users
DEFAULT Auth-Type := Perl
How do i definition of user ‘Class’ attributes
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/919d3c30-41ab-4597-9b52-c7ae480bb091%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)