different user perms for different clients

Alan DeKok aland at deployingradius.com
Thu May 7 15:30:12 CEST 2015


On May 6, 2015, at 8:52 PM, Pat Cain <moftsd at gmail.com> wrote:
> Essentially, I'm just not getting it when it comes to configuring a
> different list of users for each freeradius client.  Not sure if I'm
> supposed to use huntgroups or features within client definitions.

  No.  The users aren't tied to clients.  The users are stored in a database.  If you want to tie users to a client, you'll have to do that manually via unlang rules.

> What I'd like to be able to change, though, is for userdd to have admin
> access to two of our switches, and read access to all the rest.

   That's a good problem statement.

> The essence of this question is how do I customize the user list for each
> client? Is it a huntgroup, or a conditional include in the clients.conf
> file?

  You're looking for a database which contains a 2-d array of information.  The columns are NASes.  The rows are user names.  Each entry is the admin level of the user.  That can be done in SQL, or via the passwd module.  See the etc_group module for examples.

  i.e. you can put admin users into a group, named for each NAS.  Then, if the group name matches the NAS IP, the user has admin access.  Otherwise, they have RO access.

> PS - is there an archive for this list that can be searched?

  Google.

  Alan DeKok.
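The lookup described in the reply above (a user-by-NAS table kept as groups named for each NAS IP, with read-only as the fallback), modelled in Python as an added example that is not part of the original post and is not FreeRADIUS configuration. The group-file layout, the users other than userdd, the addresses and the function names are constructed assumptions, and IPv4 NAS addresses are assumed.

```python
# Added example: constructed data, hypothetical names throughout.
# Group file in /etc/group layout: name:password:gid:member,member
# Each group is named for a NAS IP; its members are admins on that NAS.
SAMPLE_GROUPS = """\
# constructed sample, documentation addresses
192.0.2.10:*:5001:userdd,alice
192.0.2.11:*:5002:userdd
192.0.2.12:*:5003:
malformed line without fields
"""

ADMIN, READ_ONLY = "admin", "read-only"


def parse_groups(text):
    """Return {nas_ip: set(admin_users)} from group-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            # Skip bad rows: a parse error must never grant admin.
            continue
        nas, members = fields[0].strip(), fields[3]
        users = {m.strip() for m in members.split(",") if m.strip()}
        table.setdefault(nas, set()).update(users)
    return table


def access_level(table, user, nas_ip):
    """Admin only when user is in the group named for this NAS; else RO."""
    return ADMIN if user in table.get(nas_ip, set()) else READ_ONLY


def access_matrix(table, users):
    """Render the 2-d array: rows are user names, columns are NASes."""
    nases = sorted(table)
    return {u: {n: access_level(table, u, n) for n in nases} for u in users}


if __name__ == "__main__":
    groups = parse_groups(SAMPLE_GROUPS)
    for user, row in access_matrix(groups, ["userdd", "alice", "bob"]).items():
        print(user, row)
```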





More information about the Freeradius-Users mailing list