I started to want to use Privacyidea to do the Cisco ASA VPN Authentication.
But I find Privacyideaadoes not support “User radius profile”.
Like this :
So , We can not differentiate between the user belongs to the policy group.
That means users can authenticate all groups, But this is not our intention.
Hello Lei,
probably the user radius profile is some additional attribute that is
sent in the RADIUS request. Probably there are RADIUS attributes
cisco-avpair
in the RADIUS request. So check in the RADIUS request the value of
cisco-avpair.
Then you can use the freeRADIUS unlang
to mangle your requests.
I.e. in this case you probably need to do the authorization within
FreeRADIUS. If this attribute matches certain conditions you can grant
authorization and got to authentication within privacyIDEA. If the
attribute does not match, you can deny authorization.
(See the CONDITIONS section)
Kind regards
CorneliusAm Montag, den 24.08.2015, 19:25 -0700 schrieb lei xiao:
I started to want to use Privacyidea to do the Cisco ASA VPN
Authentication.But I find Privacyideaadoes not support “User radius profile”.
Like this :
So , We can not differentiate between the user belongs to the policy group.
That means users can authenticate all groups, But this is not our intention.You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/9c7f1489-8e40-47f7-becb-5df123c80e55%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)