User radius profile


lei xiao

Aug 24, 2015, 10:25:50 PM
to privacyidea

I started to want to use Privacyidea to do the Cisco ASA VPN Authentication.

But I find Privacyidea does not support “User radius profile”.
Like this:
So we cannot differentiate which policy group the user belongs to.
That means users can authenticate to all groups, but this is not our intention.

Cornelius Kölbel

Aug 25, 2015, 2:01:24 AM
to priva...@googlegroups.com
Hello Lei,

probably the user radius profile is some additional attribute that is
sent in the RADIUS request. Probably there are RADIUS attributes

cisco-avpair

in the RADIUS request. So check in the RADIUS request the value of
cisco-avpair.
Then you can use the freeRADIUS unlang
http://freeradius.org/radiusd/man/unlang.html
to mangle your requests.

I.e. in this case you probably need to do the authorization within
FreeRADIUS. If this attribute matches certain conditions you can grant
authorization and go to authentication within privacyIDEA. If the
attribute does not match, you can deny authorization.
(See the CONDITIONS section)

Kind regards
Cornelius

On Monday, 24.08.2015, 19:25 -0700, lei xiao wrote:
> I started to want to use Privacyidea to do the Cisco ASA VPN
> Authentication.
>
> But I find Privacyidea does not support “User radius profile”.
> Like this:
> So we cannot differentiate which policy group the user belongs to.
> That means users can authenticate to all groups, but this is not our intention.

--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel
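
The authorization step described in the reply above, sketched in FreeRADIUS 3.x unlang as an added example (not part of the thread and not privacyIDEA's own configuration). It assumes the ASA carries the profile in cisco-avpair, as the reply guesses; the attribute values and user names are constructed placeholders.

```unlang
# Place near the top of the authorize section of the virtual server that
# serves the ASA (FreeRADIUS 3.x syntax).
# Run the server in debug mode (-X) first to see what the ASA really
# sends in the Access-Request; the values below are constructed.

# 1. Work out which profile the request is for.
#    [*] tests every Cisco-AVPair instance in the request.
if (&Cisco-AVPair[*] == "EXAMPLE-PROFILE=staff") {
    # 2. Only these users may use that profile (hypothetical names).
    if (&User-Name !~ /^(alice|bob)$/) {
        reject
    }
}
elsif (&Cisco-AVPair[*] == "EXAMPLE-PROFILE=admin") {
    if (&User-Name !~ /^carol$/) {
        reject
    }
}
else {
    # Unknown or missing profile: deny rather than fall through.
    reject
}

# Requests that reach this point continue to the existing privacyIDEA
# authentication configuration unchanged.
```

The final `else` makes the check fail closed: a request without a recognised profile value is rejected before any OTP is checked.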

