Hello-
I have a user set up in my user files with three different access levels.

bennettj Auth-Type := System, Huntgroup-Name == "isp"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=5",
        Juniper-Local-User-Name = "op"

bennettj Auth-Type := System, Huntgroup-Name == "core"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=10"

bennettj Auth-Type := System, Huntgroup-Name == "site"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

The huntgroups have regexes of the corresponding IPs of our routers and switches.
When this user logs into a 'site', the debug shows a match, but the wrong
attribute seems to be pushed back?

Login OK: [bennettj] (from client sites port 2 cli 205.213.108.100)
Sending Access-Accept of id 67 to 140.189.108.6:1645
        Service-Type = NAS-Prompt-User
        Cisco-AVPair = "shell:priv-lvl=10"

For obvious security reasons I'd prefer not to publish my huntgroups file,
but if it's deemed important for troubleshooting, I'll provide it.
Has anyone seen something like this? Does it look like a bug or a
misconfiguration? I've heard from users that it doesn't happen for every
site, but it does happen consistently for the same sites.
-Michael
======================================
Michael Hare
UW-Madison/WiscNet Network Engineering
Desk: (608) 262-5236
24 Hr Noc: (608) 263-4188
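
One thing worth checking for the symptom described above, as an added example that is not part of the original post and is not FreeRADIUS code: a small Python model of first-match evaluation over the three users entries, which flags NAS addresses that match more than one huntgroup. The huntgroup patterns are constructed for illustration (the poster's file is not shown), and the function names are hypothetical.

```python
import re

# Constructed huntgroups (name, regex tested against NAS-IP-Address); these are
# NOT the poster's patterns. Python's re stands in for the server's POSIX regex
# matching; both search unanchored unless the pattern uses ^ and $.
HUNTGROUPS = [
    ("isp", r"^10\.1\.[0-9]+\.[0-9]+$"),
    ("core", r"140.189.10"),  # unanchored, and each "." matches any character
    ("site", r"^140\.189\.108\.[0-9]+$"),
]

# The three bennettj entries in file order: (Huntgroup-Name, shell:priv-lvl).
USERS = [("isp", 5), ("core", 10), ("site", 15)]


def matching_huntgroups(nas_ip, huntgroups=HUNTGROUPS):
    """Return every huntgroup name whose regex matches nas_ip, in file order."""
    names = []
    for name, pattern in huntgroups:
        if re.search(pattern, nas_ip) and name not in names:
            names.append(name)
    return names


def selected_entry(nas_ip, users=USERS, huntgroups=HUNTGROUPS):
    """Return the first users entry whose Huntgroup-Name check matches.

    None of the entries sets Fall-Through, so evaluation stops at that entry.
    """
    groups = matching_huntgroups(nas_ip, huntgroups)
    for group, priv_lvl in users:
        if group in groups:
            return group, priv_lvl
    return None


def audit(nas_ips, users=USERS, huntgroups=HUNTGROUPS):
    """Map each NAS address that matches several huntgroups to (winner, all matches)."""
    report = {}
    for ip in nas_ips:
        groups = matching_huntgroups(ip, huntgroups)
        if len(groups) > 1:
            report[ip] = (selected_entry(ip, users, huntgroups), groups)
    return report


if __name__ == "__main__":
    # 140.189.108.6 is the NAS address in the debug output; 140.189.10.1 is constructed.
    for ip, (winner, groups) in audit(["140.189.108.6", "140.189.10.1"]).items():
        print(f"{ip}: matches {groups}, reply comes from {winner}")
```

With the constructed patterns, the unanchored "core" regex also matches the site NAS, so the earlier "core" entry supplies the reply; anchoring the pattern and escaping its dots removes the overlap.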