Default Authentication [SEC=UNCLASSIFIED]
Ranner, Frank MR
Frank.Ranner at defence.gov.au
Wed May 2 05:28:39 CEST 2007
> -----Original Message-----
> From:
> freeradius-users-bounces+frank.ranner=defence.gov.au at lists.fre
> eradius.org
> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at l
> ists.freeradius.org] On Behalf Of Norman Zhang
> Sent: Wednesday, 2 May 2007 13:08
> To: freeradius-users at lists.freeradius.org
> Subject: Default Authentication
>
> I have the following setup for users
>
> DEFAULT Auth-Type = System
> Fall-Through = Yes,
> cisco-avpair = "shell:priv-lvl=1",
> Service-Type = NAS-Prompt-User
>
> DEFAULT Group == router-ro
> cisco-avpair := "shell:priv-lvl=7"
>
> DEFAULT Group == router-rw
> cisco-avpair := "shell:priv-lvl=15"
>
> However, system users not in group router-ro or router-rw are
> still able to login with privilege level = 1. Is there a way
> to force only group router-ro and router-rw can login?
>
>
Add:
DEFAULT Auth-Type := Reject
Reply-Message := "Access denied"
To the end of the users file.
FR
More information about the Freeradius-Users
mailing list