added eap-radius-filter_id option to strongswan.conf

author Andreas Steffen <andreas.steffen@strongswan.org>

Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)
author Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in

index f46f22e..e522261 100644 (file)
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -223,6 +223,19 @@ option in
  .BR charon.plugins.eap-radius.eap_start " [no]"
  Send EAP-Start instead of EAP-Identity to start RADIUS conversation
  .TP
+.BR charon.plugins.eap-radius.filter_id " [no]"
+If the RADIUS
+.I tunnel_type
+attribute with value
+.B ESP
+is received, use the
+.I filter_id 
+attribute sent in the RADIUS-Accept message as group membership information that
+is compared to the groups specified in the
+.B rightgroups
+option in
+.B ipsec.conf (5).
+.TP
  .BR charon.plugins.eap-radius.id_prefix
  Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the
  EAP method
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)