users rights seperations

Alan DeKok aland at deployingradius.com
Tue Jun 29 09:30:55 CEST 2010


Ömer Tuğrul wrote:
> My question is;
> How can I seperate network management authentication and internet access
> authentication rights? I mean, I don't want that some ldap users to
> console my network devices. I just want to allow them to authenticate
> internet access and some ldap users may console to devices.

  What is different in the Access-Request?

  i.e. when a normal user logs in, what does the packet look like?  When
a user logs in via the console, what does the packet look like?

  Find out the differences, and write "unlang" rules to check for them.

	if (looks like normal user) {
		do normal user things...
	}

  Alan DeKok.



More information about the Freeradius-Users mailing list