access level on cisco routers

Elad Shy Elad.Shy at m2.com.au
Fri Mar 23 00:42:38 CET 2012


Hi

I am looking for a way to give different access levels to a Cisco router based on Unix group membership. I went through the documentation but could not find a simple (or other) way to do this.
Got a bit confused when it came to which (if at all) modules I need to include. I tried using the huntgroup file but that did not work.
Here is my users config file, which will explain what I am trying to achieve.
So if a user is a member of "sysops" the access level they would get is 3, and if they are a member of "netops" they will get access level 15.


DEFAULT Auth-Type := System
  Fall-Through = Yes,
  Group == "sysops",
  Service-Type = NAS-Prompt-User,
  cisco-avpair = "shell:priv-lvl=3",
#
#  Huntgroup-Name == "SysOps"
#
#
DEFAULT Auth-Type := System
  Group == "netops",
  Service-Type = NAS-Prompt-User,
  cisco-avpair = "shell:priv-lvl=15"


I also tried to define those two huntgroups and use the Huntgroup, but it did not do what I expect it to do.
NetOps NAS-IP-Address == xx.xx.xx.0, Group = netops
SysOps NAS-IP-Address == xx.xx.xx.0, Group = sysops


When a netops user or a sysops user logs in to the router, they always get the first level in the users file.

Will appreciate any help.
I can also add the debug output if you think it will help.


Thanks
Elad
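
Added example, not part of the original message and not FreeRADIUS code: a small Python check for the users-file layout, in which the line that starts with the entry name holds the check items and the indented lines under it hold reply items. It reports comparisons such as Group == that sit on reply lines; the function names and the sample text are constructed for illustration.

```python
import re

# One "Attribute op value" item; a quoted value may contain '=' or ','.
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=)\s*("[^"]*"|[^,\s]+)')
# Operators that express a condition, so they belong with the check items.
COMPARE_OPS = {"==", "!=", ">=", "<=", "=~", "!~"}

# Constructed sample: the two DEFAULT entries laid out as in the post.
SAMPLE = '''\
DEFAULT Auth-Type := System
  Fall-Through = Yes,
  Group == "sysops",
  Service-Type = NAS-Prompt-User,
  cisco-avpair = "shell:priv-lvl=3",
#
DEFAULT Auth-Type := System
  Group == "netops",
  Service-Type = NAS-Prompt-User,
  cisco-avpair = "shell:priv-lvl=15"
'''

def parse_users(text):
    """Split users-file text into entries. The line that starts with the
    entry name holds the check items; indented lines hold reply items."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():          # continuation line: reply items
            if entries:
                entries[-1]["reply"] += [(a, o, v, lineno) for a, o, v in ITEM.findall(line)]
        else:                          # new entry: name, then check items
            name, rest = (line.split(None, 1) + [""])[:2]
            entries.append({"name": name, "line": lineno, "reply": [],
                            "check": [(a, o, v, lineno) for a, o, v in ITEM.findall(rest)]})
    return entries

def misplaced_conditions(entries):
    """Return (line, attribute, entry_line) for every comparison found among
    reply items, where it cannot restrict which requests the entry matches."""
    return [(lineno, attr, e["line"])
            for e in entries
            for attr, op, _, lineno in e["reply"] if op in COMPARE_OPS]

if __name__ == "__main__":
    for lineno, attr, entry_line in misplaced_conditions(parse_users(SAMPLE)):
        print(f"line {lineno}: {attr} comparison is a reply item of the entry "
              f"at line {entry_line}; it belongs on that entry's first line")
```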

