I seem to be missing something. how should the values be defined in the users file to achieve the specification below. Should I separate the Cisco routers and the 3Com switches in the huntgroups file? Is it permissible for there to be multiple Vendors Vendor-Specific values on a "users" entry re:
DEFAULT Service-Type == Administrative-User, Autz-Type := ADMINS, Auth-Type := Kerberos Service-Type = Administrative-User, 3com = 3Com-Administrator, Cisco-AVPair = "xxx:whatever=3", Fall-Through = no 3Com Vendor Specific Attribute The default user levels on the Switch (monitor, manager, admin) are supported by a 3Com Vendor Specific Attribute (VSA). The Vendor-ID for 3Com is 43. You must configure the RADIUS server to send this attribute in the Access-Accept message in order to specify the access level required for each user account. The configurable attribute values are: Monitor (1) the user can view all manageable parameters, except special/security features, but cannot change any manageable parameters. Manager (2) the user can access and change the operational parameters but not special/security features. Administrator (3) the user can access and change all manageable parameters. The attribute body consists of a 3Com Vendor type (1), Vendor data length (6) and the Vendor data (4 octet integer containing the access level value), as shown in Figure 25. Figure 25 3Com Vendor Specific Attribute 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=26 | Length=12 | Vendor-Id = 3Com (43) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Vendor-Id (cont) | 3Com type = 1 | Length = 6 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | User-Access-Level | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ radiusd is receiving: User-Name = "klg" User-Password = "12345678" NAS-Port-Type = Virtual NAS-IP-Address = 111.111.11.111 Service-Type = Administrative-User Framed-MTU = 1024 Calling-Station-Id = "123.123.123.123" Message-Authenticator = 0x3ddf5a8a5d1177f4277dcd8ccc451b8a Client-IP-Address = 123.123.123.124 It's authorizing, authenticating, and replying with Packet-Type = Access-Accept Service-Type = Administrative-User - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html