user groups in ldap

Aqdas Muneer aqdas.muneer at
Tue Aug 21 19:15:14 CEST 2012


I have set up freeradius with ldap lookup to authenticate Cisco shell
access. As of now I have 2 groups set up in the ldap database. One is for
network admins who have full access to every device. The second group is
for support staff that only have read access to all the devices, but within
this group are some individuals who need full access to some devices. I'm
trying to figure out what will be the best way to implement this? Do I
create another group in ldap and make them members of that group (not sure
if this will work because if one group is matched the search will be
stopped in the users file)? Do I use unlang to modify the accept-accept
based on username and NAS-ip? I'm trying to keep this as hands off as
possible when it comes to management in the long run. If anyone has any
experience dealing with such an issue, your advice will be greatly

Thanks in advance for your help.


More information about the Freeradius-Users mailing list