Default Authentication
Norman Zhang
norman.zhang at gmail.com
Wed May 2 19:05:22 CEST 2007
Alan DeKok wrote:
>> Is there a way to force only group router-ro and router-rw can login?
>
> Switch the entries around:
>
> DEFAULT Group == router-ro
> Fall-Through = Yes,
> cisco-avpair := "shell:priv-lvl=7"
>
> DEFAULT Group == router-rw
> Fall-Through = Yes,
> cisco-avpair := "shell:priv-lvl=15"
>
> DEFAULT Auth-Type = System
> Service-Type = NAS-Prompt-User
This won't work, as Auth-Type = System will act as the clean-up default.
All other Unix users will be able to login, except they have privilege =
1. I read through users(5) few times, not sure if there's a way that I
can avoid this. Can you give more hints?
Norman
More information about the Freeradius-Users
mailing list