Authenticating client with Radius

Hi there,

 

 

I currently use an iRules that provide Radius Authentication for Exchange Web services (owa, oa, activesync...) thru a form form owa and with basic auth for the others.

 

It works beautifully.

 

 

But now, i need to differentiate two groups of users and i can't figure it how.

 

I explain :

 

 

For the moment, my radius server (IAS) is configured to authorize only a group of users (based on windows group). I need to authorize all domain users that come from a given ip or range of ips, regardless of their group membership.

 

 

First, i imagined that i could manipulate the NAS-Identifier attribute from the iRules, in order to use ias rules to differentiate users, but it seems that it's not possible.

 

I also tried to create two differents Radius profiles, with two differents NAS-Identifier. But i can't manage to use two Radius profile in the same iRule.

 

 

I hope that it's understandable :-)

 

 

Thanks in advance