users rights seperations

Alan DeKok aland at
Tue Jun 29 09:30:55 CEST 2010

Ömer Tuğrul wrote:
> My question is;
> How can I seperate network management authentication and internet access
> authentication rights? I mean, I don't want that some ldap users to
> console my network devices. I just want to allow them to authenticate
> internet access and some ldap users may console to devices.

  What is different in the Access-Request?

  i.e. when a normal user logs in, what does the packet look like?  When
a user logs in via the console, what does the packet look like?

  Find out the differences, and write "unlang" rules to check for them.

	if (looks like normal user) {
		do normal user things...

  Alan DeKok.

More information about the Freeradius-Users mailing list