Freeradius privilege separation
Alan DeKok
aland at deployingradius.com
Fri May 14 18:13:37 CEST 2010
Michał Dopierała wrote:
> Thanks for response!
>
> So, users file can look like this:
Yes.
> ========================users=====================================
>
> mdopierala Packet-Src-IP-Address == 192.168.1.1, Crypt-Password =
> "some_hash"
It's NOT a hash. It's a password.
> This way user mdopierala will have priv-lvl=15 to router1 and priv-lvl=1
> to router2?
Yes.
> I have a lot of users and clients in my environment(a lot of
> network equipments and administrators). Can I make any groups of this
> users and clients and then make policies to this groups?
Yes. See "man rlm_passwd" for examples of making groups.
> This way I
> could add new users to this groups apart from making separate policies.
> Unfortunately I work on producing environment and I can't make as many
> test as I wish.
If you don't test it, it won't work.
Alan DeKok.
More information about the Freeradius-Users
mailing list