AD Authentication Permissions
tbrady at stc-comm.com
Fri Jan 4 22:48:24 CET 2013
I apologize if these questions have already been answered. I have scoured the internet for help, but have been unable to find what I'm looking for. Keep in mind this was the first time I have ever used linux so at the beginning of this project I was beyond newb.
I am setting up a freeRADIUS (2.1.10) server for my network. I have everything working how I want it to except for some of the permission settings. For example, when users log in to Motorola radios in my network via freeRADIUS they only receive read-only permissions. Or when a Cisco user logs in I would like for them to receive automatic #privilege level 15. I need for users to receive admin privileges. How do I accomplish this?
NOTE: I'm authenticating against active directory. So where can I configure things like "cisco-avpair = shell:priv-lvl=15, or Motorola-WIBB-Auth-Role = system-admin-role?" I understand how to configure permissions when you have individual users configured in users.conf. file. How do you configure permissions when you don't have any local users configured, but are using Active Directory?
Right now I use only one Active Directory group "Radius-Users" for authentication. If a user is part of the Radius-Users group on the AD server, then they get access. This is fine for now, but in the future I would like to set up more granular access control. I have seen a lot of talk about LDAP groups, but have not been able to find decent information on it. Ideally I would like for there to be several different user groups set up with different permissions for each. How do you accomplish this with freeRADIUS + Active Directory?
Any help would be much appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users