Thanks for the response!<div><br></div><div>So, the users file can look like this:</div><div>========================users=====================================</div><div><br></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><div>
mdopierala Packet-Src-IP-Address == 192.168.1.1, Crypt-Password = "some_hash"</div><div> Service-Type = "Administrative-User",</div><div> Cisco-AVPair="shell:priv-lvl=15",</div>
<div> Brocade-Auth-Role ="Administrator"</div><div><br></div><div><div> mdopierala Packet-Src-IP-Address == 192.168.1.2, Crypt-Password = "some_hash2"</div><div> Service-Type = "Administrative-User",</div>
<div> Cisco-AVPair="shell:priv-lvl=1",</div><div> Brocade-Auth-Role ="Administrator"</div></div></span><div> </div><div>=====================================================================</div>
<div><br></div><div>This way, will user mdopierala have priv-lvl=15 on router1 and priv-lvl=1 on router2?</div><div>I have a lot of users and clients in my environment (a lot of network equipment and administrators). Can I make groups of these users and clients and then make policies for these groups? This way I could add new users to these groups instead of making separate policies.</div>
<div>Unfortunately, I work on a production environment and I can't run as many tests as I wish.</div><div><br><div class="gmail_quote">2010/5/14 Alan DeKok <span dir="ltr">&lt;<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">Michał Dopierała wrote:<br>
> Is it possible in FreeRADIUS to have one user who has a full privilege<br>
> level on one piece of equipment (one Cisco router, privilege lvl15), and a limited<br>
> privilege level on other equipment (another router with a smaller privilege,<br>
> e.g. lvl10, which will be configured on the router)?<br>
<br>
</div> Yes.<br>
<br>
> How to separate it?<br>
<br>
How are the requests different? Use that information to separate the<br>
policies for the two routers.<br>
<div class="im"><br>
> My current configuration of users:<br>
><br>
> mdopierala Auth-Type := PAP, Crypt-Password = "passwrd"<br>
<br>
</div> DON'T set Auth-Type. Honestly. This should be written in huge<br>
letters everywhere on all of the documentation.<br>
<div class="im"><br>
> Service-Type = "Administrative-User",<br>
> Cisco-AVPair="shell:priv-lvl=15",<br>
> Brocade-Auth-Role ="Administrator"<br>
<br>
</div> And it doesn't contain any *conditional* checks for different clients.<br>
<br>
You could do:<br>
<br>
mdopierala Packet-Src-IP-Address == 192.168.1.1, Cleartext-Password := ...<br>
...<br>
<br>
<br>
i.e. check for NAS IP, and return different results based on that.<br>
<font color="#888888"><br>
Alan DeKok.<br>
</font><div><div></div><div class="h5"></div></div></blockquote></div><br></div></div>
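<div>An added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the per-NAS users entries discussed above, for checking which reply a given router would receive before touching production. It assumes the first matching entry wins (no Fall-Through), evaluates only == check items, and skips password verification; the hashes are placeholders.</div>

```python
import re

# Constructed sample in the layout of the users file quoted in the message
# (hash values are placeholders, not real hashes).
USERS = '''\
mdopierala Packet-Src-IP-Address == 192.168.1.1, Crypt-Password = "some_hash"
    Service-Type = "Administrative-User",
    Cisco-AVPair="shell:priv-lvl=15",
    Brocade-Auth-Role ="Administrator"

mdopierala Packet-Src-IP-Address == 192.168.1.2, Crypt-Password = "some_hash2"
    Service-Type = "Administrative-User",
    Cisco-AVPair="shell:priv-lvl=1",
    Brocade-Auth-Role ="Administrator"
'''

# One item: attribute name, operator, optionally quoted value, then ',' or end.
ITEM = re.compile(r'\s*([\w-]+)\s*(==|:=|=)\s*"?([^",]*?)"?\s*(?:,|$)')

def parse_users(text):
    """Return [(name, check_items, reply_items)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if not line[0].isspace():            # unindented line starts an entry
            parts = line.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ''
            entries.append((parts[0], ITEM.findall(rest), []))
        elif entries:                         # indented lines hold reply items
            entries[-1][2].extend(ITEM.findall(line))
    return entries

def reply_for(entries, user, request):
    """Simplified model: the first entry whose '==' checks all match wins."""
    for name, checks, reply in entries:
        if name != user:
            continue
        if all(request.get(a) == v for a, op, v in checks if op == '=='):
            return {a: v for a, _, v in reply}
    return None                               # no entry matched this request

def priv_lvl(reply):
    """Extract the level from a 'shell:priv-lvl=N' Cisco-AVPair, if any."""
    return reply and reply.get('Cisco-AVPair', '').rpartition('=')[2]
```

<div>A request from an address with no matching entry returns None in this model, which is the case worth checking for every router before relying on per-NAS entries.</div>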