Defining different Service-Types for different equipment for the same user
Nuno.Cervaens at cern.ch
Thu Jul 6 10:10:30 CEST 2006
Alan DeKok wrote:
>Nuno Cervaens <Nuno.Cervaens at cern.ch> wrote:
>>My problem is that when a
>>user logs in to an Enterasys SSR with the Service-Type = Administrative,
>>it goes immediately to the configure mode, and I dont want that, just
>>the enable mode.
> I presume this is a documented Enterasys feature. If not, file a
>bug with them.
Yes its a SSR feature, so I cannot change this.
>>So for a user that has Serv.Type = Administrative I would like to
>>specifically define for the SSRs the Service-Type as NAS-Prompt (which
>>goes to enable mode, equivalent for Administrative for CISCO that goes
>>as well to enable mode for example).
> I'm not sure what you mean by that. You can define what you want,
>but what do you want to put in what packet?
Here's an example for what it would be a perfect solution:
userOne Crypt-Password == "$1$GYuKhumy$wUkW0ZvClTCi86kkkgJBw."
Service-Type = 6
Service-Type = 7 (for the SSRs)
userTwo Crypt-Password == "$1$ASD#$SDGYuKhasdcasdcasdumy$wUk."
Service-Type = 7
Service-Type = 1 (for the SSRs)
So, userOne would log in as Administrative in all routers and as
NAS-Prompt for the SSRs, userTwo would log in as NAS-Prompt in all
routers and as Login for the SSRs.
The reason I want this is because for the same Service-Type I have
different behaviors from the equipments.
> Alan DeKok.
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users