Default Authentication
tnt at kalik.co.yu
tnt at kalik.co.yu
Wed May 2 21:51:28 CEST 2007
Add a huntgroup:
onlythem NAS-IP-Address == a.b.c.d, Service-Type == admin or prompt
Group = router-ro,
Group = router-rw
Ivan Kalik
Kalik Informatika ISP
Dana 2/5/2007, "Norman Zhang" <norman.zhang at gmail.com> piše:
>Alan DeKok wrote:
>>> Is there a way to force only group router-ro and router-rw can login?
>>
>> Switch the entries around:
>>
>> DEFAULT Group == router-ro
>> Fall-Through = Yes,
>> cisco-avpair := "shell:priv-lvl=7"
>>
>> DEFAULT Group == router-rw
>> Fall-Through = Yes,
>> cisco-avpair := "shell:priv-lvl=15"
>>
>> DEFAULT Auth-Type = System
>> Service-Type = NAS-Prompt-User
>
>This won't work, as Auth-Type = System will act as the clean-up default.
>All other Unix users will be able to login, except they have privilege =
>1. I read through users(5) few times, not sure if there's a way that I
>can avoid this. Can you give more hints?
>
>Norman
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list