User /etc/shadow for Authentication
Norman Zhang
norman.zhang at gmail.com
Thu Apr 26 21:20:26 CEST 2007
Ranner, Frank MR wrote:
> Put your users into groups and add extra entries:
>
> DEFAULT Group == numpties
> cisco-avpair := "shell:priv-lvl=1"
>
> DEFAULT Group == supernumpties
> cisco-avpair := "shell:priv-lvl=10"
>
> Notes:
> These lines use := to over-rule the cisco-avpair previously set.
> They do not fall through.
> I personally would make the default a low privilege, with high
> privilege coming from group membership.
>
> You'll need to read up on the available mechanisms for grouping users.
Thanks. I edited users with the following entries
DEFAULT Auth-Type = System
Fall-Through = 1,
cisco-avpair = "shell:priv-lvl=1",
Service-Type = Administrative-User
DEFAULT Group == user-ro
cisco-avpair := "shell:priv-lvl=7"
DEFAULT Group == user-rw
cisco-avpair := "shell:priv-lvl=15"
but all users still get privilege level 15 access. Something wrong with
my config?
Norman
More information about the Freeradius-Users
mailing list