User /etc/shadow for Authentication [unclas]
Ranner, Frank MR
Frank.Ranner at defence.gov.au
Thu Apr 26 06:37:37 CEST 2007
Put your users into groups and add extra entries:
DEFAULT Group == numpties
cisco-avpair := "shell:priv-lvl=1"
DEFAULT Group == supernumpties
cisco-avpair := "shell:priv-lvl=10"
Notes:
These lines use := to over-rule the cisco-avpair previously set.
They do not fall through.
I personally would make the default a low privilege, with high
privilege coming from group membership.
You'll need to read up on the available mechanisms for grouping users.
Regards,
Frank Ranner
> -----Original Message-----
> From:
> freeradius-users-bounces+frank.ranner=defence.gov.au at lists.fre
> eradius.org
> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at l
> ists.freeradius.org] On Behalf Of Norman Zhang
> Sent: Thursday, 26 April 2007 10:50
> To: freeradius-users at lists.freeradius.org
> Subject: Re: User /etc/shadow for Authentication
>
> tnt at kalik.co.yu wrote:
> > Login OK: [tester] (from client test-network port 1 cli 10.0.0.1)
> > Sending Access-Accept of id 27 to 10.0.0.2:1645
> >
> > You have "got in". But you haven't returned any radius
> attributes. You
> > need to return something like Service-Type = Administrative-User or
> > NAS-Prompt-User so NAS knows what to do with the user.
>
> Thanks for the hint. I added the last two lines to users, now
> I can login.
>
> DEFAULT Auth-Type = System
> Fall-Through = 1,
> cisco-avpair = "shell:priv-lvl=15",
> Service-Type = Administrative-User
>
> Still trying to learn FreeRADIUS, should Fall-Through = True
> and not 1?
> How can I specify some users to have priv-lvl lower than 15,
> if default is 15?
>
> Norman
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list