Analyser Great wrote: > I am trying to setup a configuration where network admins have access to > all devices and users have only access to cisco vpn. I don't wanna use > local user database since I already have Ldap to authorize and Kerberos > to authenticate. > > How do you do this in your domain currently with version 2 ?
Put the network admins into a group in LDAP. Then, check the group. Logically: if asking for admin access then if !network group reject Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html