Hello everybody,
Yesterday I ran into deep problems trying to configure freeradius 0.9.0
for so called authenticated switch access (asa) which is a feature of
alcatel (formerly xylan) lan switches enabling them to query a radius
server for user authentication.
My users file looks like:
...
user2 Auth-Type := Local, User-Password == "testpw"
Alcatel-Access-Priv = "Alcatel-Read-Priv",
Alcatel-Access-Priv = "Alcatel-Write-Priv",
Alcatel-Access-Priv = "Alcatel-Admin-Priv"
...
My vendor specific dictionary file looks like:
...
ATTRIBUTE Alcatel-Access-Priv 16 integer Alcatel
VALUE Alcatel-Access-Priv Alcatel-Read-Priv 1
VALUE Alcatel-Access-Priv Alcatel-Write-Priv 2
VALUE Alcatel-Access-Priv Alcatel-Admin-Priv 3
...
My configuration seems to be working fine so far, because 'user2' is
authenticated by the radius server an can login to the device. But now
the problem arises: I need the user to get assigned all of the three
privileges that I mentioned above concurrently and not alternatively. At
the moment my user only gets read, write or admin access - the actually
assigned privilege depends on the sequence of privileges for user2 in my
users-file (only the first privilege is assigned).
Maybe there's anybody out there who got an idea of how to solve this
problem and return all of the three integer values for the attribute
'Alcatel-Access-Priv' in one radius-reply.
Thanks in advance.
Stephan
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
