Restricting access to a NAS
Lewis Bergman
lbergman at wtxs.net
Tue Jan 24 18:01:12 CET 2006
Laker Netman wrote:
> I have a Cisco 3660 router configured for dialup AAA
> through FR (1.0.5) to access our LAN. I also have the
> login to the router itself, for admin, authenticating
> through FR (MySQL backend).
> The same DB is used for all auth, so currently anyone
> with a dialup account could also telnet into the
> router. This leaves only my 'enable' password to
> prevent problems.
> I want to configure FR to eliminate this ability for
> all but a select group of users (admins). There are
> other devices I would like to add to the list later.
> I've been looking at huntgroups as the solution, but
> was unsure how (or if) this could be handled via sql
> rather than the users file.
>
> Is anyone doing this and could provide a sample config
> layout?
>
I am not currently doing this but plan to tackle it by using something
like a realm of admin when I do get to it. So a user needing admin privs
would have to log in like user at admin.user to get access.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841