Add a huntgroup: onlythem NAS-IP-Address == a.b.c.d, Service-Type == admin or prompt Group = router-ro, Group = router-rw Ivan Kalik Kalik Informatika ISP Dana 2/5/2007, "Norman Zhang" <norman.zhang@gmail.com> piše:
Alan DeKok wrote:
Is there a way to force only group router-ro and router-rw can login?
Switch the entries around:
DEFAULT Group == router-ro Fall-Through = Yes, cisco-avpair := "shell:priv-lvl=7"
DEFAULT Group == router-rw Fall-Through = Yes, cisco-avpair := "shell:priv-lvl=15"
DEFAULT Auth-Type = System Service-Type = NAS-Prompt-User
This won't work, as Auth-Type = System will act as the clean-up default. All other Unix users will be able to login, except they have privilege = 1. I read through users(5) few times, not sure if there's a way that I can avoid this. Can you give more hints?
Norman
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html