VPN radius group lock question

Discussion in 'Cisco' started by Harry (de echte), Apr 14, 2004.

  1. Hi,

    I am rather clueless about the following issue.

    It is possible to use a external radius for authenticating VPN users,
    with a OU value you can 'push' the users in a certain group. The
    external radius authentication is working fine but the groups are set
    in vpn profile files. We don't use Cisco Secure but a unix based
    radius server. We want to use the OU value for two reasons, easy
    roll-out to the users and most important no trading in pcf files.

    I found the following documents on the cisco side. (CCO req)

    http://www.cisco.com/warp/customer/471/altigagroup.html
    http://www.cisco.com/warp/public/471/vpn_3000_auth.html

    If I understand the procedure correctly, everyone is entering the
    concentrator through a 'standard' profile and depending on the OU
    value the user is forced in a certain profile. How does the filter
    affects my current profiles :? One strange thing in the first
    document: They mention a few times "Make sure the Group Lock feature
    is not checked for this group" hmmm why are they calling it "group
    lock" when you may not check this feature.

    Any help is appreciated to push me (and my users) in the right
    direction.


    Harry
     
    Harry (de echte), Apr 14, 2004
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.