Exec and ntlm_auth
freeradius at corwyn.net
Mon Nov 30 19:21:24 CET 2009
At 11:21 AM 11/30/2009, freeradius at corwyn.net wrote:
>Add to top of ./raddb/users:
>
>DEFAULT Ldap-Group == "UserGroup",Service-Type =
>NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"
>DEFAULT Auth-Type = ntlm_auth

Hmm, it looks like

DEFAULT Ldap-Group == "UserGroup",Service-Type = NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"

is not the same as

DEFAULT Ldap-Group == "UserGroup"
        Service-Type = NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"

After some tinkering:

DEFAULT Auth-Type:=Accept,Ldap-Group == "Infrastructure"
        Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15"

appears to work with the rest of the config, and users in the
Infrastructure group can log in, and other users cannot!

However, this means that if you're in ./users you authorize
(regardless of where I think you're going). Is there a way to
associate the users data only with a particular virtual server config?

Rick
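
Added example, not part of the original post and not FreeRADIUS code: a small Python reader for the raddb/users layout that shows why the two forms above differ. It assumes the documented layout in which the entry line holds the name and check items and the indented lines after it hold reply items; the parser is simplified, and `parse_users` and `lint` are hypothetical names.

```python
import re

# Constructed sample in raddb/users layout, using the three entries from the post.
SAMPLE = (
    'DEFAULT Ldap-Group == "UserGroup",Service-Type = NAS-Prompt-User,'
    'cisco-avpair = "shell:priv-lvl=15"\n'
    '\n'
    'DEFAULT Ldap-Group == "UserGroup"\n'
    '\tService-Type = NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"\n'
    '\n'
    'DEFAULT Auth-Type:=Accept,Ldap-Group == "Infrastructure"\n'
    '\tService-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15"\n'
)

# attribute, operator, value (quoted string or bare word); longer operators first
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|=~|!~|<=|>=|=|<|>)\s*("[^"]*"|[^,\s]+)')

def parse_items(text):
    return [(attr, op, val.strip('"')) for attr, op, val in ITEM.findall(text)]

def parse_users(text):
    """Entry line = name + check items; indented lines after it = reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue  # skip blank lines and comments
        if line[0] in ' \t':
            if entries:  # continuation line: reply items of the current entry
                entries[-1]['reply'] += parse_items(line)
        else:
            name, *rest = line.split(None, 1)
            entries.append({'name': name, 'check': parse_items(' '.join(rest)),
                            'reply': []})
    return entries

def lint(entry):
    notes = []
    if not entry['reply']:
        notes.append('no reply items: everything on the entry line was parsed as check items')
    if any(a == 'Auth-Type' and v == 'Accept' for a, _, v in entry['check']):
        notes.append('Auth-Type Accept: a matching request is accepted without a password check')
    return notes

if __name__ == '__main__':
    for e in parse_users(SAMPLE):
        print(e['name'], 'check =', e['check'], 'reply =', e['reply'])
        for note in lint(e):
            print('  !', note)
```
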