<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.st
{mso-style-name:st;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I apologize if these questions have already been answered. I have scoured the internet for help, but have been unable to find what I’m looking for. Keep in mind this was the first time I have ever used linux so at the beginning of this
project I was beyond newb.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am setting up a freeRADIUS (2.1.10) server for my network. I have everything working how I want it to except for some of the permission settings. For example, when users log in to Motorola radios in my network via freeRADIUS they only
receive read-only permissions. Or when a Cisco user logs in I would like for them to receive automatic #privilege level 15. I need for users to receive admin privileges. How do I accomplish this?
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">NOTE: I’m authenticating against active directory. So where can I configure things like “<em><span style="font-family:"Calibri","sans-serif"">cisco</span></em><span class="st">-</span><em><span style="font-family:"Calibri","sans-serif"">avpair</span></em><span class="st">
= </span><em><span style="font-family:"Calibri","sans-serif"">shell</span></em><span class="st">:</span><em><span style="font-family:"Calibri","sans-serif"">priv</span></em><span class="st">-</span><em><span style="font-family:"Calibri","sans-serif"">lvl=15,
or Motorola-WIBB-Auth-Role = system-admin-role?” I</span></em><em><span style="font-family:"Calibri","sans-serif";font-style:normal"> understand how to configure permissions when you have individual users configured in users.conf. file. How do you configure
permissions when you don’t have any local users configured, but are using Active Directory?<o:p></o:p></span></em></p>
<p class="MsoNormal"><em><span style="font-family:"Calibri","sans-serif""><o:p> </o:p></span></em></p>
<p class="MsoNormal"><em><span style="font-family:"Calibri","sans-serif";font-style:normal">Right now I use only one Active Directory group “</span></em><em><span style="font-family:"Calibri","sans-serif"">Radius-Users</span></em><em><span style="font-family:"Calibri","sans-serif";font-style:normal">”
for authentication. If a user is part of the </span></em><em><span style="font-family:"Calibri","sans-serif"">Radius-Users</span></em><em><span style="font-family:"Calibri","sans-serif";font-style:normal"> group on the AD server, then they get access. This
is fine for now, but in the future I would like to set up more granular access control. I have seen a lot of talk about LDAP groups, but have not been able to find decent information on it. Ideally I would like for there to be several different user groups
set up with different permissions for each. How do you accomplish this with freeRADIUS + Active Directory?<o:p></o:p></span></em></p>
<p class="MsoNormal"><em><span style="font-family:"Calibri","sans-serif";font-style:normal"><o:p> </o:p></span></em></p>
<p class="MsoNormal"><em><span style="font-family:"Calibri","sans-serif";font-style:normal">Any help would be much appreciated.<o:p></o:p></span></em></p>
<p class="MsoNormal"><em><span style="font-family:"Calibri","sans-serif";font-style:normal"><o:p> </o:p></span></em></p>
<p class="MsoNormal"><em><span style="font-family:"Calibri","sans-serif";font-style:normal">Thank you,</span></em><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D"><br>
TBrady<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#1F497D"><br>
<br>
</span></b><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:#1F497D"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>