Radius Attribute Returns
-
Hello,
First post here. I'm looking at setting up OpenVPN with ISE as the RADIUS server. I have it set up where there are 2 profiles to auth from. If not these two, then deny access, which works. The auth piece works for, let's say, IT and Instructor profiles. The IT profile returns a cisco-av-pair = inacl#1=permit IP any any. The Instructor profile returns a series of inacl lists. And it all seems fine. If I use my Instructor test account, they get denied access to what is expected. For example, RDP to my work desktop. However, when I switch to my IT account, it is being blocked as if I'm an Instructor. I was told by support that the cache is removed every time a client signs out, and I can prove that my IT account is returning the correct attribute by looking in ISE. Is there a way to see where these are cached on pfSense Plus?
pfctl -a openvpn/{OPENVPNSERVERINTERFACE}{USERNAME}{REMOTEPORT} -sr
I tried this syntax and it doesn't seem to work no matter what I plug into the variables.
Has anyone run across this and is there something I should be looking at?
-