Default Authentication

Norman Zhang norman.zhang at gmail.com
Wed May 2 19:05:22 CEST 2007


Alan DeKok wrote:
>> Is there a way to force only group router-ro and router-rw can login?
> 
>   Switch the entries around:
> 
> DEFAULT Group == router-ro
> 	Fall-Through = Yes,
> 	cisco-avpair := "shell:priv-lvl=7"
> 
> DEFAULT Group == router-rw
> 	Fall-Through = Yes,
> 	cisco-avpair := "shell:priv-lvl=15"
> 
> DEFAULT	Auth-Type = System
> 	Service-Type = NAS-Prompt-User

This won't work, as Auth-Type = System will act as the clean-up default. 
All other Unix users will be able to login, except they have privilege = 
1. I read through users(5) few times, not sure if there's a way that I 
can avoid this. Can you give more hints?

Norman




More information about the Freeradius-Users mailing list