[strongSwan] EAP Radius
Raoul Duke
rduke496 at gmail.com
Wed Nov 13 17:46:07 CET 2013
On Wed, Nov 13, 2013 at 4:18 PM, Martin Willi <martin at strongswan.org> wrote:
>
>> So if I don't see a RADIUS auth attempt when I add "rightgroups" then
>> how could it ever determine the group to know if it would match.
>
> It won't, and the connection just does not match if that group
> membership is not determined.
We must be talking at cross purposes. Im saying:
* when I leave out the "rightgroups" constraint I see a RADIUS auth
attempt. All good.
* when I add "rightgroups" constraint to the connection I don't see a
RADIUS auth attempt
If the group membership is determined via a RADIUS auth reply and the
RADIUS lookup is not even done then how can the latter case ever work?
> However, rightgroups is a generic concept, not directly related to
> RADIUS. You could get that group membership information from a different
> backend, for example from a custom XAuth handler.
ok - so in the configuration I have what is the right way for it to
deem the user group membership? I feel like I'm missing something
fundamental. Is my configuration wrong for this purpose?
Thanks.
More information about the Users
mailing list