Exec and ntlm_auth
Ivan Kalik
tnt at kalik.net
Thu Nov 26 00:24:51 CET 2009
freeradius at corwyn.net wrote:
> Perhaps my question is how to integrate
>
> Per User Privilege Level
>
> You can also send the privilege level (enable mode is level 15) for
> individual users as a reply item to automatically put them into that
> level with cisco-avpair = "shell:priv-lvl=15"
>
> You can do this with an entry in your users file similar to the following
>
> youruser Cleartext-Password := "somepass"
>         Service-Type = NAS-Prompt-User,
>         cisco-avpair = "shell:priv-lvl=15"
>
>
> into the AD part, instead of into the users file? I had planned to
> just use AD security groups ....
Configure AD as an LDAP server in the ldap module (.raddb/modules/ldap). Then
add to the users file:
DEFAULT Ldap-Group == "max_priv_level" or whatever your group is called
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"
Ivan Kalik
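
The setup described in the reply above, written out as an added example (not part of the original message and not the poster's own configuration): an ldap module pointed at Active Directory for group lookups, plus the users file entry that grants level 15 only to members of the group. It assumes FreeRADIUS 2.x syntax; the server name, bind account, password and base DN are placeholders, and the final DEFAULT entry that gives everyone else level 1 is an assumption added here so that non-members never inherit an elevated level.

```conf
# raddb/modules/ldap  (FreeRADIUS 2.x syntax; every value below is a placeholder)
ldap {
        server   = "dc1.example.com"
        # Dedicated read-only bind account; it needs no rights beyond directory reads
        identity = "CN=radius-bind,CN=Users,DC=example,DC=com"
        password = "CHANGE_ME"
        basedn   = "DC=example,DC=com"

        # Locate the user object by AD logon name
        filter   = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"

        # Settings used when the users file checks Ldap-Group
        groupname_attribute       = cn
        groupmembership_filter    = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
        groupmembership_attribute = memberOf

        # Searches from the AD domain root return referrals
        chase_referrals = yes
        rebind          = yes
}

# raddb/users
# The module must be loaded for Ldap-Group to work: list "ldap" in the
# authorize section or in the instantiate section of radiusd.conf.

# Members of the AD security group get enable mode.
# There is no Fall-Through, so processing stops here for them.
DEFAULT Ldap-Group == "max_priv_level"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

# Assumed catch-all: everyone else who authenticates gets level 1.
DEFAULT
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=1"
```

Entries in the users file are evaluated top to bottom, so the group entry has to come before any broader DEFAULT. Running `radiusd -X` while a group member and a non-member log in shows which entry matched each request.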