Accepting all terminal-server logins from a specific unix group
J B Bell
cipher at redback.com
Mon Nov 10 20:38:49 CET 2008
Hi folks,
Following the FAQ, I have added a line like this to my users file:
DEFAULT Group == eng, Auth-Type := Accept
I do have "usegroup = yes" set in my radiusd.conf.
Now, just below that, as the final entry, is this:
DEFAULT Auth-Type := Accept
Extreme-Security-Profile = "port100full
LOGOFF-PROFILE=port100full;",
Extreme-Netlogin-Vlan = guest
So, we have both Extreme switches and terminal servers authenticating to
our radius server. Prior to this attempt I've had individual user
entries for the terminal servers, of the form:
joeuser Auth-Type := Accept
Service-Type = Administrative
If I add the Service-Type line to my default group line, it breaks
authentication and also slows it way down, taking about 20-30 seconds.
With the "DEFAULT Group" line by itself, however, *all* users, including
nonexistent ones, get accepted. This isn't ideal, obviously. I'm also
concerned that my guest vlan logins may not be making it past that first
default group entry.
Any ideas how to make this work?
--JB
More information about the Freeradius-Users
mailing list