best practice for user permissions
Samuel LEFOL
samuel.lefol at univ-lorraine.fr
Wed Jun 27 11:28:51 CEST 2018
Hello,
I'm using freeradius 3.0.12 with rlm_ldap authentication.
I configured it as suggested in the README:
authorize {
    ...
    ldap
    if ((ok || updated) && User-Password) {
        update control {
            Auth-Type := ldap
        }
    }
    ...
}
authenticate {
    ...
    Auth-Type ldap {
        ldap
    }
    ...
}
I wonder what is the best practice for user permissions.
1. in users file:
DEFAULT Auth-Type := ldap, LDAP-Group == "reseau"
    cisco-avpair := "shell:priv-lvl=15"
DEFAULT Auth-Type := Reject
OR
2. in post-auth section
if (LDAP-Group == "reseau") {
    update reply {
        cisco-avpair := "shell:priv-lvl=15"
    }
}
else {
    reject
}
Could someone give me an explanation of the best way to go?
Best regards,
Sam