Per device/user attributes

Gene Hinds Gene.Hinds at birch.com
Thu Aug 28 15:38:41 CEST 2008


Hello,
I have recently installed freeradius and set it up to use a mysql
database which will store username, passwords and attributes. My current
goal is to limit user access and privileges into Cisco, and other types,
of routers when support personnel SSH/telnet into them. I currently have
the general access working well enough but I am having problems in
figuring out how to do something I thought would be simple. 
    I am trying to determine how to have freeradius respond with
different attributes for a user depending on what device he telnets
into. If he is a level 1 tech and telnets into a customer router I want
him to have admin rights but if he telnets into a Core router I want him
to only have Cisco level 1 access. Since these are naturally different
attributes the response from freeradius needs to be different depending
on the routers sending the request. From reading it seems this is
possible with some rules in possibly the "radcheck" table but I cannot
fully grasp the concept. 
 
    Can someone please give me some direct documentation or
configuration examples on this issue? I seem to know just enough to
get myself in trouble so the more detailed the instructions the better.
 
Thanks
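
One way to express the per-device behaviour asked about above, as an added example that is not part of the original post and not taken from the FreeRADIUS project. It assumes the stock FreeRADIUS MySQL schema (`radusergroup`, `radgroupcheck`, `radgroupreply`, as shipped with 2.x and later) and that group processing is enabled in the sql module; the user name, group names and 192.0.2.x addresses are constructed placeholders.

```sql
-- Constructed sample data: 'l1tech', the group names and the 192.0.2.x
-- addresses are placeholders. Table and column names assume the stock
-- FreeRADIUS MySQL schema.

-- 1. Put the level 1 tech in one group per device class.
--    Groups are evaluated in ascending priority order.
INSERT INTO radusergroup (username, groupname, priority) VALUES
  ('l1tech', 'l1-on-customer', 1),
  ('l1tech', 'l1-on-core',     2);

-- 2. Check items: a group only applies when the Access-Request
--    comes from the matching router (NAS).
INSERT INTO radgroupcheck (groupname, attribute, op, value) VALUES
  ('l1-on-customer', 'NAS-IP-Address', '==', '192.0.2.10'),  -- customer router
  ('l1-on-core',     'NAS-IP-Address', '==', '192.0.2.1');   -- core router

-- 3. Reply items: what is sent back when that group's check items match.
--    Admin rights on the customer router, Cisco level 1 on the core router.
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES
  ('l1-on-customer', 'Service-Type', ':=', 'NAS-Prompt-User'),
  ('l1-on-customer', 'Cisco-AVPair', ':=', 'shell:priv-lvl=15'),
  ('l1-on-core',     'Service-Type', ':=', 'NAS-Prompt-User'),
  ('l1-on-core',     'Cisco-AVPair', ':=', 'shell:priv-lvl=1');

-- 4. Audit query: list the reply attributes each user would receive
--    per router, to review who gets elevated privilege where.
--    It only covers groups gated by an exact NAS-IP-Address match.
SELECT ug.username,
       gc.value     AS nas_ip,
       ug.groupname,
       gr.attribute,
       gr.op,
       gr.value     AS reply_value
FROM radusergroup ug
JOIN radgroupcheck gc
  ON gc.groupname = ug.groupname
 AND gc.attribute = 'NAS-IP-Address'
 AND gc.op = '=='
JOIN radgroupreply gr
  ON gr.groupname = ug.groupname
ORDER BY ug.username, nas_ip, gr.attribute;
```

A request from a router that is not listed in `radgroupcheck` matches neither group, so the user authenticates without any privilege attribute and the device's own default applies; confirm that default is the least-privileged level before relying on this layout.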




More information about the Freeradius-Users mailing list