User /etc/shadow for Authentication [unclas]

Ranner, Frank MR Frank.Ranner at defence.gov.au
Thu Apr 26 06:37:37 CEST 2007


Put your users into groups and add extra entries:

DEFAULT Group == numpties
	cisco-avpair := "shell:priv-lvl=1"

DEFAULT Group == supernumpties
	cisco-avpair := "shell:priv-lvl=10"

Notes:
These lines use := to over-rule the cisco-avpair previously set.
They do not fall through.
I personally would make the default a low privilege, with high 
privilege coming from group membership. 

You'll need to read up on the available mechanisms for grouping users.

Regards,
Frank Ranner

> -----Original Message-----
> From: 
> freeradius-users-bounces+frank.ranner=defence.gov.au at lists.fre
> eradius.org 
> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at l
> ists.freeradius.org] On Behalf Of Norman Zhang
> Sent: Thursday, 26 April 2007 10:50
> To: freeradius-users at lists.freeradius.org
> Subject: Re: User /etc/shadow for Authentication
> 
> tnt at kalik.co.yu wrote:
> > Login OK: [tester] (from client test-network port 1 cli 10.0.0.1) 
> > Sending Access-Accept of id 27 to 10.0.0.2:1645
> > 
> > You have "got in". But you haven't returned any radius 
> attributes. You 
> > need to return something like Service-Type = Administrative-User or 
> > NAS-Prompt-User so NAS knows what to do with the user.
> 
> Thanks for the hint. I added the last two lines to users, now 
> I can login.
> 
> DEFAULT	Auth-Type = System
> 	Fall-Through = 1,
>          cisco-avpair = "shell:priv-lvl=15",
>          Service-Type = Administrative-User
> 
> Still trying to learn FreeRADIUS, should Fall-Through = True 
> and not 1? 
> How can I specify some users to have priv-lvl lower than 15, 
> if default is 15?
> 
> Norman
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 




More information about the Freeradius-Users mailing list