Restricting Clients and Users
omega_one at mail.com
Fri Sep 10 14:52:42 CEST 2010
Hi all.
I need that:
- system group A access only switch 1.1.1.1 and 1.1.1.2
- system group B access only switch 2.1.1.1 and 2.1.1.2
I created local groups of users A and B and associated users

/etc/raddb/clients.conf

client 1.1.1.1 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 1.1.1.2 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 2.1.1.1 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 2.1.1.2 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}

/etc/raddb/users

DEFAULT Group == "A", Auth-Type := PAM
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Group == "B", Auth-Type := PAM
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Auth-Type := Reject

How can I modify my configurations to let only A users access switch 1.1.1.1/2 and B users access switch 2.1.1.1/2?
Thanks.
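
One way to express the restriction asked about above, as an added example that is not part of the original post: group the switches by the NAS-IP-Address they send, using the huntgroups file read by the preprocess module, and require the matching Huntgroup-Name next to each Group check. The huntgroup names switchesA and switchesB and the /etc/raddb/huntgroups path are assumptions, and preprocess must be listed in the authorize section.

```conf
# /etc/raddb/huntgroups  (path assumed; read by the preprocess module)
# Huntgroup names are assumptions chosen for this example.
switchesA       NAS-IP-Address == 1.1.1.1
switchesA       NAS-IP-Address == 1.1.1.2
switchesB       NAS-IP-Address == 2.1.1.1
switchesB       NAS-IP-Address == 2.1.1.2

# /etc/raddb/users
# Every check item on a DEFAULT line must match. A group A user logging in
# through a group B switch matches neither of the first two entries and
# falls through to the final Reject.
DEFAULT Group == "A", Huntgroup-Name == "switchesA", Auth-Type := PAM
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Group == "B", Huntgroup-Name == "switchesB", Auth-Type := PAM
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Auth-Type := Reject
```

NAS-IP-Address is the value each switch places in its own request, so confirm that the switches actually send the addresses listed in huntgroups. Running radiusd -X shows which users entry a test login matched.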