access level on cisco routers
Alan DeKok
aland at deployingradius.com
Fri Mar 23 13:09:38 CET 2012
Elad Shy wrote:
> I am looking for a way to give different access levels on a Cisco router
> based on unix group membership. I went through the documentation but
> could not find a simple (or other) way to do this.
Use the Group attribute...
> Got a bit confused when it came to which (if at all) modules I need to
> include. I tried using the huntgroup file but that did not work.
See the FAQ for "it didn't work".
> Here is my users config file which will explain what I am trying to achieve
>
> So if a user is a member of “sysops” the access level they would get is
> 3 and if they are a member of “netops” they will get access level 15.
>
> DEFAULT Auth-Type := System
> Fall-Through = Yes,
> Group == "sysops",
> Service-Type = NAS-Prompt-User,
> cisco-avpair = "shell:priv-lvl=3",
That is substantially wrong. See the "man users" documentation for
how the "users" file works.
You probably want something like this:
DEFAULT Auth-Type := System, Group == "sysops", Fall-Through = Yes
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=3",
Alan DeKok.
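
An added example, not part of the original thread and not FreeRADIUS code: a small Python lint for two layout problems visible in the quoted entry, assuming the "users" layout from "man users" (entry name and check items on the first, unindented line; reply items on the indented lines below it). The name `lint_users` and both sample entries are constructed for illustration, including the assumed tab indentation.

```python
import re

# Check items compare (==, !=, =~ ...); reply items only assign (=, :=, +=).
COMPARE = re.compile(r'\s(==|!=|=~|!~|>=|<=)\s')

def lint_users(text):
    """Return sorted (line_no, message) findings for 'users' file text."""
    findings, last_reply = [], None
    def close_entry():
        # A comma after the final reply item suggests the list was cut off.
        if last_reply and last_reply[1].endswith(','):
            findings.append((last_reply[0], 'trailing comma after last reply item'))

    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r'"[^"]*"', '""', raw).rstrip()  # blank out quoted values
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if raw[0] in ' \t':      # indented line: reply items
            if COMPARE.search(line):
                findings.append((no, 'comparison among reply items'))
            last_reply = (no, line)
        else:                    # column 0: a new entry starts
            close_entry()
            last_reply = None
    close_entry()
    return sorted(findings)

# Constructed sample: the quoted entry, with indentation assumed.
BAD = '''DEFAULT\tAuth-Type := System
\tFall-Through = Yes,
\tGroup == "sysops",
\tService-Type = NAS-Prompt-User,
\tcisco-avpair = "shell:priv-lvl=3",
'''

# Constructed sample: the group test sits on the check line of each entry.
# netops comes first because, without Fall-Through, the first match wins.
GOOD = '''DEFAULT\tAuth-Type := System, Group == "netops"
\tService-Type = NAS-Prompt-User,
\tcisco-avpair = "shell:priv-lvl=15"

DEFAULT\tAuth-Type := System, Group == "sysops"
\tService-Type = NAS-Prompt-User,
\tcisco-avpair = "shell:priv-lvl=3"
'''

if __name__ == '__main__':
    for name, sample in (('BAD', BAD), ('GOOD', GOOD)):
        print(name, lint_users(sample))
```

Running a check like this before reloading the server catches an entry whose group test has slipped into the reply list, where it no longer gates which privilege level is returned.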