service-type passed in response

Pshem Kowalczyk pshem.k at gmail.com
Thu Aug 7 02:38:56 CEST 2008


Hi,

test      User-Password == "xxxx"
             Service-Type := Administrative-User,
             cisco-avpair += "shell:priv-lvl=15"

operator changed from = to :=
man 5 users

       Attribute = Value
            Not  allowed  as  a  check  item  for RADIUS protocol
attributes.  It is allowed for server configuration
            attributes (Auth-Type, etc), and sets the value of on
attribute, only if there is no other  item  of  the
            same attribute.
            As a reply item, it means "add the item to the reply list,
but only if there is no other item of the same
            attribute."

       Attribute := Value
            Always matches as a check item, and replaces in the
configuration items any attribute of the  same  name.
            If no attribute of that name appears in the request, then
this attribute is added.
            As a reply item, it has an identical meaning, but for the
reply items, instead of the request items.


kind regards
Pshem


2008/8/7 Josh Yost <josh.yost at cdw.com>:
> I am having a problem configuring management users for Cisco WLC. Here's my
> basic users file:
>
>
> DEFAULT     Service-Type = NAS-Prompt-User,
>                    cisco-avpair += "shell:priv-lvl=2",
>                    Fall-Through = 1
>
>
>
> test      User-Password == "xxxx"
>              Service-Type = Administrative-User,
>              cisco-avpair += "shell:priv-lvl=15"
>
>
> The problem I am having is that when user "test" logs in,  the access-accept
> packet passes the DEFAULT Service-Type Value (along with all other
> attributes in DEFAULT). I only want the default Service-Type value to be
> passed if I don't otherwise have one assigned in the individual users'
> entries.  Any Assistance here would be much appreciated!
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list