1

I can't seem to find a good tutorial on how to set my network policy for one of my RADIUS clients.

I'd like my radclientA with policyA to authenticate and radclientB with policyB to authenticate.

It seems, though, that if I have a policy in place, all RADIUS clients added will authenticate to that policy.

Does that mean that I have to have a different RADIUS server for each and every policy I want to set?

Volodymyr Molodets
normarth

2 Answers

0

I think the way it works is that policies have an order of priority. It is possible for a client to match none, one or many policies, but only one policy can apply. The highest priority policy that matches your client will be used to define the authentication settings.

It sounds like your conditions for matching the policies are too broad. You need to find a condition of the calling station that only matches one of the policies. For example, if you are using group membership as the condition, make sure that the calling station is not a member of a group that would cause a match in both policies.

To confirm this is the case, you could perhaps reorder the priority of the policies and see if both clients use the new highest priority policy.

john
  • You are probably more experienced than me and called it calling-station. I had not configured the condition correctly and missed out the client-ip condition that I hadn't set. That has to match the system that I want the policy to apply to. Thanks, John – normarth Aug 13 '15 at 04:07
0

In the network policy, you have to set a condition for the client-ip or its like too. I had not done that, and I can't see anywhere that is tutorialised either, so, being a newbie in RADIUS myself, I misconfigured it.

normarth
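The behaviour discussed in both answers, as an added example that is not part of the original posts: a simplified model of ordered, first-match policy selection, showing how policies without a client-IP condition shadow each other and how adding that condition separates radclientA from radclientB. The attribute names (`client_ipv4`, `user_group`), the addresses, the group name and the regex matching are assumptions made for the illustration, not the server's actual configuration format.

```python
import re

def matches(policy, request):
    # Assumption: every condition in a policy must match (logical AND).
    return all(re.fullmatch(pattern, request.get(attr, ""))
               for attr, pattern in policy["conditions"].items())

def select_policy(policies, request):
    # Policies are tried in processing order; the first match is applied.
    for policy in sorted(policies, key=lambda p: p["order"]):
        if matches(policy, request):
            return policy["name"]
    return None  # no policy matched: the request is rejected

def shadowed(policies, requests):
    # Policies that match some request but are never the one selected.
    selected = {select_policy(policies, r) for r in requests}
    return [p["name"] for p in policies
            if p["name"] not in selected
            and any(matches(p, r) for r in requests)]

# Constructed sample requests arriving via the two RADIUS clients.
REQ_A = {"client_ipv4": "192.0.2.10", "user_group": "NetAdmins"}  # radclientA
REQ_B = {"client_ipv4": "192.0.2.20", "user_group": "NetAdmins"}  # radclientB

# Misconfigured: conditions too broad, no client-IP condition on either policy.
BROAD = [
    {"name": "policyA", "order": 1, "conditions": {"user_group": "NetAdmins"}},
    {"name": "policyB", "order": 2, "conditions": {"user_group": "NetAdmins"}},
]

# Corrected: each policy is also scoped to the client it is meant for.
SCOPED = [
    {"name": "policyA", "order": 1,
     "conditions": {"user_group": "NetAdmins", "client_ipv4": r"192\.0\.2\.10"}},
    {"name": "policyB", "order": 2,
     "conditions": {"user_group": "NetAdmins", "client_ipv4": r"192\.0\.2\.20"}},
]

if __name__ == "__main__":
    for label, policies in (("broad", BROAD), ("scoped", SCOPED)):
        print(label,
              "A ->", select_policy(policies, REQ_A),
              "B ->", select_policy(policies, REQ_B),
              "shadowed:", shadowed(policies, [REQ_A, REQ_B]))
```

Running `shadowed` over a set of representative requests is a quick way to spot a policy that can never take effect because an earlier, broader one always wins.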