Useing Radius for authentication and authorization
Posted: Wed Jun 22, 2016 5:41 am
Hallo all
I'm currently using a perl auth-user-pass-verify script to authenticate clients versus a Radius server. Then I use a client-connect script to authorize access to internal resources, i.e. I add the client ip address of the newly created tunnel to some zone in the firewall. Which zone is selected depends on the user.
I would like to get the zone where the user belongs to from the Radius reply attributes. I have these attributes passed me from the Radius server in the auth-user-pass-verify script. I'm thinking about writing them in some private file cache for later client-connect script use, but I'm wondering if there's some built-in functionality to record something from the auth-user-pass-verify script for later use in the other scripts or in the configuration.
Thank you
Luigi
I'm currently using a perl auth-user-pass-verify script to authenticate clients versus a Radius server. Then I use a client-connect script to authorize access to internal resources, i.e. I add the client ip address of the newly created tunnel to some zone in the firewall. Which zone is selected depends on the user.
I would like to get the zone where the user belongs to from the Radius reply attributes. I have these attributes passed me from the Radius server in the auth-user-pass-verify script. I'm thinking about writing them in some private file cache for later client-connect script use, but I'm wondering if there's some built-in functionality to record something from the auth-user-pass-verify script for later use in the other scripts or in the configuration.
Thank you
Luigi