Hi,
I'm looking to implement an on-site radius appliance with YubiRadius, to replace an RSA SecurID system (for obvious reasons).
I have the YubiRadius appliance in a test environment, authenticating against active directory, and this works great - very easy to set up.
What I'm wondering is if there's a way to assign different radius options to users, or groups of users.
We make use of this on the SecurID system to assign different VPN profiles / access lists / address pools to different groups of users. This system makes it (reasonably) easy to assign a user to a group (or profile) and assign radius options to the group. Our VPN concentrator also requires that certain radius options be set upon authentication.
What I'd like to see is the ability to assign a user to an AD group, and have that group provide specific radius configuration on the appliance.
Is this something I could achieve now (even by customising the appliance), or is it planned for a future release? Is there an alternative authentication provider that could do this now using Yubikey's?
Thanks for your help.
Carl
|