Analyser Great wrote:
> I am trying to setup a configuration where network admins have access to
> all devices and users have only access to cisco vpn. I don't wanna use
> local user database since I already have Ldap to authorize and Kerberos
> to authenticate.
>
> How do you do this in your domain currently with version 2 ?
Put the network admins into a group in LDAP. Then, check the group.
Logically:
if asking for admin access then
if !network group
reject
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
