networks in clients.conf
Alan DeKok
aland at deployingradius.com
Wed Nov 8 00:27:58 CET 2006
"Mike May" <mmay3 at nd.edu> wrote:
> After the authn I set some authz like Cisco-AVPair =
> "priv-lvl=15" used by Cisco routers and switches for network engineers who
> live in the proper LDAP group, here is where the problem is. PIX firewalls
> do not like me setting the priv lvl, and the reason is that the PIX will
> only accept authz from a TACACS server (it seems like).
So... don't specify that for the PIX firewall, *or* add it only for
the non-PIX machines.
> What I need to do is
> specify a "netauth" == NAS-IP-ADDRESS 192.168.20.0/23 subnet. Instead of
> "netauth" == NAS-IP-ADDRESS 192.168.20.15, this way I can use my users file
> and not set the Cisco priv lvl for those devices that live on the firewall
> subnets.
You can match IPs via regular expressions.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
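
An added example, not part of the original message: a check that a regular expression standing in for the 192.168.20.0/23 NAS-IP-Address match covers exactly that subnet before it is used to decide which devices receive privilege attributes. Both candidate patterns and the `audit` helper are assumptions made for illustration, and the RADIUS server's regex dialect is assumed to treat these constructs the same way Python's `re` does.

```python
import ipaddress
import re

# Subnet taken from the thread; the two patterns below are constructed candidates.
SUBNET = ipaddress.ip_network("192.168.20.0/23")

LOOSE = r"192.168.2[01]"                    # unanchored, dots match any character
STRICT = r"^192\.168\.2[01]\.[0-9]{1,3}$"   # anchored, literal dots, full address


def audit(pattern, subnet=SUBNET, scope="192.168.0.0/16"):
    """Compare a regex against a CIDR block over every address in `scope`.

    Returns (missed, extra): addresses inside the subnet that the regex
    fails to match, and addresses outside the subnet that it matches anyway.
    """
    rx = re.compile(pattern)
    missed, extra = [], []
    for addr in ipaddress.ip_network(scope):
        text = str(addr)
        hit = rx.search(text) is not None
        inside = addr in subnet
        if inside and not hit:
            missed.append(text)
        elif hit and not inside:
            extra.append(text)
    return missed, extra


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        missed, extra = audit(pattern)
        print(f"{name}: missed={len(missed)} extra={len(extra)}")
        if extra:
            # Show where the over-match starts and ends.
            print(f"  over-matches {extra[0]} .. {extra[-1]}")
```

The loose pattern also matches 192.168.200.x through 192.168.219.x, so any NAS in those ranges would be treated as part of the firewall subnet.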