Privilege Level with Different Manufacturers
Kevin Bonner
keb at pa.net
Thu Oct 19 22:43:40 CEST 2006
On Thursday 19 October 2006 08:20, Maestro_Ba wrote:
> </etc/raddb/users>
>
> user1   Auth-Type := System
>         Service-Type = Shell-User,
>         cisco-avpair = "shell:priv-lvl=15"
>
> However, now I have other manufacturers' devices in my network, namely
> Alcatel, Enterasys and Nortel.
> I want this user to be able to authenticate in any device, and with high
> privilege levels, if possible.
> As it is right now, an error occurs in non-cisco equipment (because of
> "cisco-avpair").
>
> Can anyone tell me:
> 1 - How to configure </etc/raddb/users> file?
> 2 - How to configure the different devices?
>
> Thanks a lot, any information will be very helpful!
> Maestro_Ba
One option is to use huntgroups to identify the class of each NAS device on
your network. In your users file, you can match the user with the specific
huntgroup and configure attributes to be returned.
-- huntgroups --
cisco   NAS-IP-Address == A.B.C.D
cisco   NAS-IP-Address == G.H.I.J
nortel  NAS-IP-Address == W.X.Y.Z
-- end huntgroups --

-- users --
user1   Huntgroup-Name == "cisco", Auth-Type := System
        Service-Type = Shell-User,
        cisco-avpair = "shell:priv-lvl=15"

user1   Huntgroup-Name == "nortel", Auth-Type := System
        ... Nortel specific attributes ...
-- end users --
Kevin Bonner
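
The huntgroup matching described in the reply above, modelled as an added Python example (not part of the original post and not FreeRADIUS code): it resolves a NAS-IP-Address to its huntgroup and returns the reply items of the first matching users entry. The IP addresses are constructed documentation addresses, and `Placeholder-Nortel-Attribute` is a hypothetical stand-in for the Nortel attributes the post elides.

```python
# Added illustration of huntgroup-scoped reply attributes; not FreeRADIUS code.
# IPs are constructed (RFC 5737); the "nortel" reply item is a hypothetical placeholder.
HUNTGROUPS = """\
cisco   NAS-IP-Address == 192.0.2.10
cisco   NAS-IP-Address == 192.0.2.11
nortel  NAS-IP-Address == 198.51.100.20
"""

USERS = """\
user1   Huntgroup-Name == "cisco", Auth-Type := System
        Service-Type = Shell-User,
        cisco-avpair = "shell:priv-lvl=15"
user1   Huntgroup-Name == "nortel", Auth-Type := System
        Placeholder-Nortel-Attribute = "vendor-specific-value"
"""

def parse_huntgroups(text):
    """Map each NAS-IP-Address to its huntgroup name (first listing wins)."""
    groups = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1] == "NAS-IP-Address" and parts[2] == "==":
            groups.setdefault(parts[3], parts[0])
    return groups

def parse_users(text):
    """Return [(user, required_huntgroup_or_None, {reply attrs})] in file order."""
    entries = []
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        if not line[0].isspace():              # unindented line starts a new entry
            user, _, checks = line.partition(" ")
            group = None
            for item in checks.split(","):
                name, _, value = item.partition("==")
                if name.strip() == "Huntgroup-Name":
                    group = value.strip().strip('"')
            entries.append((user, group, {}))
        elif entries:                          # indented line is a reply item
            name, _, value = line.strip().rstrip(",").partition("=")
            entries[-1][2][name.strip()] = value.strip().strip('"')
    return entries

def reply_for(user, nas_ip):
    """Reply attributes of the first matching entry, or None if none matches."""
    group = parse_huntgroups(HUNTGROUPS).get(nas_ip)
    for name, required, reply in parse_users(USERS):
        if name == user and required in (None, group):
            return reply
    return None
```

A request from a NAS that is listed in no huntgroup matches neither entry, so `shell:priv-lvl=15` is returned only to devices explicitly classed as `cisco`.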