RE: Restricting access to a NAS
I'm doing this with huntgroups J.
-----Oorspronkelijk bericht----- Van: freeradius-users- bounces+jonathan.de.graeve=imelda.be@lists.freeradius.org [mailto:freeradius-users- bounces+jonathan.de.graeve=imelda.be@lists.freeradius.org] Namens Lewis Bergman Verzonden: dinsdag 24 januari 2006 18:01 Aan: FreeRadius users mailing list Onderwerp: Re: Restricting access to a NAS
Laker Netman wrote:
I have a Cisco 3660 router configured for dialup AAA through FR (1.0.5) to access our LAN. I also have the login to the router itself, for admin, authenticating through FR (MySQL backend). The same DB is used for all auth, so currently anyone with a dialup account could also telnet into the router. This leaves only my 'enable' password to prevent problems. I want to configure FR to eliminate this ability for all but a select group of users (admins). There are other devices I would like to add to the list later. I've been looking at huntgroups as the solution, but was unsure how (or if) this could be handled via sql rather than the users file.
Is anyone doing this and could provide a sample config layout?
I am not currently doing this but plan to tackle it by using something like a realm of admin when I do get to it. So a user needing admin privs would have to log in like user@admin.user to get access.
-- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (1)
-
Jonathan De Graeve