Radius authorization

[Alan DeKok]

On Dec 1, 2020, at 11:39 PM, Bidisha Mandal <bidisham at cdot.in> wrote:
> I'm new to FreeRadius and I'm able to authenticate the client for SSH but where do I need to configure authorization assigned to a user .
> 
> In /etc/freeradius/3.0/users file I have added a user admincdot as follows -
> 
> admincdot Cleartext-Password := "123que"
>           Reply-Message := "Hello, %{User-Name}",
>           Session-Timeout := "10"

  That's good...

> Now  I want to authorize this user to perform some certain task or may be a list o command that this user is authorize to perform.  Even this Session-Timeout := "10" is not working. As I have read Radius can do this authorization stuff but don't know where to configure this.

  To do WHAT "authorization stuff"?

  The short answer is: read your NAS documentation to see what RADIUS attributes it takes.  Then, configure FreeRADIUS to send those attributes.

  We have no idea what NAS you're using, so we can't help.  And no, don't tell us which make / model of the NAS you're using.  That doesn't help.  We don't keep lists of vendor documentation, because the vendors already do that.  Just look at the vendor documentation sites.

  Alan DeKok.