Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1333
Views
0
Helpful
1
Replies

Does anybody authenticate VPN Cisco clients againts Freeradius

peter_jevos
Level 1
Level 1

‎07-15-2010 05:01 AM - edited ‎03-10-2019 05:15 PM

Hi friends

I have running AAA against IAS and I want to move to the Freeradius

What I was not able to solve is the freeradius part.

I know that this is probably question to Freeradius maling list, but I was not able to find an answer there

I have running ntml_auth against AD, and I can authenticate to get the level 15 on the router

But i don't know how to configure freeradius to authenticate VPN Cisco clients. they're autheticated with domainname\username and password

My current users file contains:

user   Auth-Type := ntlm_auth
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

Can somebody help me please with freeradius configuration against sico vpn clients ?

Thanks a lot

pet

Labels:
0 Helpful
1 Reply 1

care_cisco
Level 1
Level 1

‎07-16-2010 11:58 AM

Based on the radius group, you can differentiate it based on the attribute

webvpn:user-vpn-group="group name"

where this group is on the termination device (router, asa) and it says what rights the "group name" will have.

For example, I do it to differentiate between two different sets of clients , say A - group A on radius --- these are passed on with the attribute X when successfully authenticated, now what this X means can be defined on the router e.g. they have access to a single page or they have full tunnel access ...etc....

0 Helpful
Customers Also Viewed These Support Documents