CLEANACCESS Archives

April 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Simon Bell <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Thu, 5 Apr 2007 14:29:12 -0400

Are you just trying to match requirements based on OS or are you
actually wanting different ACLs applied based on their OS?

Simon

>>> 
From: 	David Stempien <[log in to unmask]>
To:	<[log in to unmask]>
Date: 	4/5/2007 10:12 AM
Subject: 	Separate user roles based on operating system

All,

For hosts coming into a CAS via a shared VLAN and authenticating via a
shared auth provider (RADIUS), is it possible to split users into separate
roles based on operating system type?  Here's what I'm trying to
accomplish:

    - Windows users (agent required) would be mapped to UserRoleA
    - Non-Windows users would be mapped to UserRoleB

The CAS should is able to identify Windows hosts based on information
from
the agent, but there doesn't appear to be any way to leverage this
information in regards to role mapping.

Perhaps this can be done by passing a RADIUS attribute during
authentication
for operating system type?  If so, what attribute?

I suppose I could set up an identical auth provider and direct Windows users
to select it, but that puts the burden on the user to make the correct
choice of auth provider.

Anyone have any thoughts about this?

Much thanks,

--
Dave Stempien, Network Security Engineer
University of Rochester Medical Center
Information Systems Division
585-784-2427
