I have a Balance 380 that is setup for L2TP/IPSec VPN access using RADIUS authentication back to Active Directory with a NPS policy that checks to see if the user is in the “VPN” group as well as if the request comes from the IP address of the 380. Everything is working fine. I want to enable RADIUS authentication for the web login of the Balance 380 that will check against a “RouterLogins” Active Directory group. However, I’m not sure how to distinguish the difference between the request coming from a VPN or web login. Anyone have any thoughts?
We are checking whether making use of the Service-Type to be the identifier. Do you see this work for you? The Service-Type list going to be like below:
- Service-Type = Administrative (Web Admin Auth)
- Service-type = Callback Login (Remote User Auth)
- Service-type = Framed (WPA2 Enterprise Auth)
- Service-type = Login (Captive Portal Auth)