Exec and ntlm_auth

freeradius at corwyn.net freeradius at corwyn.net
Thu Nov 26 00:17:09 CET 2009


At 05:57 PM 11/25/2009, Rick Steeves wrote:
>I have the cisco configured per that guide already. However, I 
>don't want to put user / password info in the users file, because 
>that would defeat part of the model of centralized authentication to 
>AD.  So I want that to feed authentication back to radius > AD as well.

Perhaps my question is how to integrate

Per User Privilege Level

You can also send the privilege level (enable mode is level 15) for 
individual users as a reply item to automatically put them into that 
level with cisco-avpair = "shell:priv-lvl=15"

You can do this with an entry in your users file similar to the following

youruser   Cleartext-Password := "somepass"
            Service-Type = NAS-Prompt-User,
            cisco-avpair = "shell:priv-lvl=15"


into the AD part, instead of into the users file?  I had planned to 
just use AD security groups ....

rick





>Rick