Ok .. what would the corresponding entry in the users file look like? The attribute reported in radacct details is Attr-130482178, but I don't see any attribute style information in the debug output during the auth phase when I enable radius authentication on the router.
Cheers, Tom Alan DeKok wrote: >Thomas Keitel <[EMAIL PROTECTED]> wrote: > >>Is there an FAQ or doc that references how to use freeradius with >>routers? >> > > I don't think so. But if the router speaks RADIUS, then it doesn't >matter if it's a router, a NAS, or a desktop box. It's just a RADIUS >client. > >>In particular, I am looking for a way to use freeradius to >>control enable access on a foundry switch. Right now, if I set up the >>foundry to use radius to authenticate the enable command, any user who >>can authenticate via radius can enable. I would like to have two groups >>of users: 1 group that can login but not enable and 1 group that can >>login and enable. >> > > RADIUS doesn't have the concept of groups, but Unix does. You can >use Unix groups in the server. > >>I guess I am also hoping to get radiusd to auth/reject >>based on specific attribute strings that are passed when the auth >>request is made. >> > > Uh, yes. That's what it's for. > > See 'raddb/users' > > Alan DeKok. > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
