Group-Name in freeradius reply item list
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Mon Mar 28 11:29:30 PDT 2016
On Tue, 2016-03-29 at 02:05 +0800, Yick Xie wrote:
> Well, there are still some options for us, as documented in Cisco's
> manual[1] and a related guide[2]. It seems that the solution for
> group policies varies from different
> providers[3](Cisco/Juniper/Huawei/etc..) just like dictionaries built
> in raddb. From my perspective the attribute Class (rfc2865#section
> -5.25) could be a safe choice and compatible with Cisco's
> standard[1](Table C-8). If needed one day, it could be scaled up
> flexibly to more complicated extend as vendor specified.
[...]
> Under /etc/ocserv/config-per-group/, I created files named
> 10,3130,31:30, and no one matched. Anything else shall be configed?
Did you update the dictionary to contain class? Most likely the logic
for multiple groups must be added. I'll send you a preliminary patch to
check.
regards,
Nikos
More information about the openconnect-devel
mailing list