Re: Different Groups

Norman Zhang <norman.zhang@gmail.com> · Tue, 01 May 2007 20:02:33 -0600

Norman Zhang wrote:

tnt@kalik.co.yu wrote:

Yes. Use NAS-IP-Address as check item. If you need a list of groups
and/or users/callerIDs/etc. that are allowed then use a huntgroup.

I added the following lines to huntgroup.

fw-pix		NAS-IP-Address == 10.0.0.1
fw-pix		NAS-IP-Address == 10.0.0.2

fw-pix-group	NAS-IP-Address == 10.0.0.1
		User-Name = fw-admin,
		Group = fw-group

I also added the following lines to users

DEFAULT Group = fw-group
	cisco-avpair := "shell:priv-lvl=15"

DEFAULT Huntgroup-Name == "fw-pix"
	Fall-Through = Yes

but I still cannot work. Now there's nothing showing with debug mode. 

Can someone please give me a few pointers?

Norman