Please, is it possible to distinguish two remote access groups on a RADIUS server?
For example, I have two groups: one for employees and a second for externalists.
I authenticate them on one RADIUS server.
Is it possible to distinguish between these two groups on the RADIUS server?
How can I do this?
Because when I create two tunnel groups and two policy groups, I am still able to access both groups with a user from the employee or externalist group. And when I looked at the log on the IAS server, I wasn't able to distinguish between the log entry when I log in as an employee and when I log in as an externalist :(
Thank you in advance
OK then, we have 2 tunnel-groups and 2 group-policies for the tunnel-groups; here is what you have to do.
* First, we should lock the group-policies to the tunnel groups so that one policy would not use the other tunnel-group. To achieve this, the following are sample CLI commands:
tunnel-group test1 general-attributes
tunnel-group test2 general-attributes
group-policy policy1 attributes
 group-lock value test1
group-policy policy2 attributes
 group-lock value test2
* Now let's do the config on IAS. You should have 2 separate Remote access policies created for your 2 different Windows groups in IAS, for example:
Remote access policy x
If Windows Group matches "yourdomain\externalist"
Remote access policy y
If Windows Group matches "yourdomain\employees"
Now in Remote access policy x, click edit profile > click advanced > click add. Choose the "Class" attribute. This RA policy is for externalists, and let's say that we want to lock that Windows group to the test1 tunnel group. So enter the value OU=policy1 in the Class attribute. This is the group-policy name that we locked to tunnel-group test1.
Follow the same path and enter OU=policy2 for Remote access policy y, the employees Windows group.
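
To check from a packet capture that IAS really returns the intended Class value and that it matches the tunnel group the user connected to, the comparison can be scripted. This is an added example, not part of the original answer: the GROUP_LOCK table mirrors the sample names above, the function names are hypothetical, the sample packet is constructed, and treating a missing Class value as a failure is an assumption of this check.

```python
import struct

# Assumption: mirrors the sample names in the answer (group-policy -> group-lock value).
GROUP_LOCK = {"policy1": "test1", "policy2": "test2"}
ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
ATTR_CLASS = 25     # RADIUS Class attribute type (RFC 2865)


def class_values(packet):
    """Return the value of every Class attribute in a RADIUS Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the captured data")
    values, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        if attr_type == ATTR_CLASS:
            values.append(packet[pos + 2:pos + attr_len])
        pos += attr_len
    return values


def policy_from_class(values):
    """Pick the group-policy name out of the first 'OU=<name>' Class value."""
    for value in values:
        text = value.decode("ascii", "replace").strip()
        if text.upper().startswith("OU="):
            return text[3:]
    return None


def matches_group_lock(packet, tunnel_group):
    """True only if the returned policy is locked to the tunnel group used."""
    policy = policy_from_class(class_values(packet))
    # Assumption of this check: a missing or unknown policy counts as a failure.
    return policy in GROUP_LOCK and GROUP_LOCK[policy] == tunnel_group


def build_accept(class_value):
    """Constructed sample packet: header, zeroed authenticator, one Class attribute."""
    attr = bytes([ATTR_CLASS, 2 + len(class_value)]) + class_value
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attr)) + bytes(16) + attr
```

Feed `class_values` the UDP payload of the Access-Accept exported from the capture; `build_accept` exists only to produce sample input.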