Specific, complicated, detailed user rights possibility?

Alan DeKok aland at deployingradius.com
Mon Sep 14 18:47:55 CEST 2015


On Sep 14, 2015, at 3:35 AM, Mart Pirita <mart at e-positive.ee> wrote:
> 1) As radius in acting proxy for ldap, then authentication is done by ldap, so rim_password is not used for that. You suggested, that rim_password should be used for groups, so I will set up files and list there:
> a) List 1, users who can access 1-100 switches
> b) List 2, switches which users from list 1 can access ro
> c) Lisa 3, switches which users from list 1 can access rw

  Yes.  The "passwd" module can manage lists of users in groups.

> 2) Or can I use unlang to read users, switches from external file?

  No.

> 3) Have You seen any similar unlang config example based my needs? I did search, found none:( It's hard to start form the scratch.

  There is no example of "do everything I want".  You MIUST put the pieces together yourself.

  In this case, it's simple.  There ARE examples of setting up groups using rlm_passwd.  So... use that to set up groups.  Then, do group checking in "unlang".

  Alan DeKok.




More information about the Freeradius-Users mailing list