[strongSwan] User in two radius groups
Martin Willi
martin at strongswan.org
Fri Dec 7 10:15:26 CET 2012
Hi Igor,
> How can I make it possible to do like: when user use "g1" as its group
> name and then it select the peer config "1", so "g2" to use peer
> config "2" ?
If you are talking about "Group Name" in context of Cisco IPsec (as it
used by iOS and OS X), this is not related to the "rightgroups" option.
If you define a "Group Name" on such devices, they initiate with this
IKE identity. So you'll probably have more luck if you try to define a
"rightid" in each connection entry according to the group name.
"rightgroups" information comes from other (trusted) sources, for
example the RADIUS server can assign group membership to enforce a
specific connection, see [1].
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Group-selection
More information about the Users
mailing list