Default Authentication
Norman Zhang
norman.zhang at gmail.com
Fri May 4 03:59:38 CEST 2007
Alan DeKok wrote:
> If you want only groups A and B to log in, do:
>
> DEFAULT Group == A, Auth-Type = System
> ...
>
> DEFAULT Group == B, Auth-Type = System
> ...
>
> DEFAULT Auth-Type := Reject
Thanks. Here's what I done.
DEFAULT Group == router-ro, Auth-Type = System
Service-Type = NAS-Prompt-User,
cisco-avpair := "shell:priv-lvl=7"
DEFAULT Group == router-rw, Auth-Type = System
Service-Type = NAS-Prompt-User,
cisco-avpair := "shell:priv-lvl=15"
but I can't get restriction for another group "fw-group" to work.
*added to users*
DEFAULT Group == fw-group, Auth-Type = System
Huntgroup-Name == "fw-pix",
Service-Type = NAS-Prompt-User,
cisco-avpair := "shell:priv-lvl=15"
*added to huntgroups*
fw-pix NAS-IP-Address == 10.0.0.1
fw-pix NAS-IP-Address == 10.0.0.2
Group "router-ro" and "router-rw" still can login to the PIX. Can you
give me few more pointers?
Norman
More information about the Freeradius-Users
mailing list