Specific, complicated, detailed user rights possibility?
Alan DeKok
aland at deployingradius.com
Mon Sep 14 18:47:55 CEST 2015
On Sep 14, 2015, at 3:35 AM, Mart Pirita <mart at e-positive.ee> wrote:
> 1) As radius in acting proxy for ldap, then authentication is done by ldap, so rim_password is not used for that. You suggested, that rim_password should be used for groups, so I will set up files and list there:
> a) List 1, users who can access 1-100 switches
> b) List 2, switches which users from list 1 can access ro
> c) Lisa 3, switches which users from list 1 can access rw
Yes. The "passwd" module can manage lists of users in groups.
> 2) Or can I use unlang to read users, switches from external file?
No.
> 3) Have You seen any similar unlang config example based my needs? I did search, found none:( It's hard to start form the scratch.
There is no example of "do everything I want". You MIUST put the pieces together yourself.
In this case, it's simple. There ARE examples of setting up groups using rlm_passwd. So... use that to set up groups. Then, do group checking in "unlang".
Alan DeKok.
More information about the Freeradius-Users
mailing list