Put your users into groups and add extra entries:
DEFAULT Group == numpties
cisco-avpair := "shell:priv-lvl=1"
DEFAULT Group == supernumpties
cisco-avpair := "shell:priv-lvl=10"
These lines use := to over-rule the cisco-avpair previously set.
They do not fall through.
I personally would make the default a low privilege, with high
privilege coming from group membership.
You'll need to read up on the available mechanisms for grouping users.
> -----Original Message-----
> [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> ists.freeradius.org] On Behalf Of Norman Zhang
> Sent: Thursday, 26 April 2007 10:50
> To: firstname.lastname@example.org
> Subject: Re: User /etc/shadow for Authentication
> [EMAIL PROTECTED] wrote:
> > Login OK: [tester] (from client test-network port 1 cli 10.0.0.1)
> > Sending Access-Accept of id 27 to 10.0.0.2:1645
> > You have "got in". But you haven't returned any radius
> attributes. You
> > need to return something like Service-Type = Administrative-User or
> > NAS-Prompt-User so NAS knows what to do with the user.
> Thanks for the hint. I added the last two lines to users, now
> I can login.
> DEFAULT Auth-Type = System
> Fall-Through = 1,
> cisco-avpair = "shell:priv-lvl=15",
> Service-Type = Administrative-User
> Still trying to learn FreeRADIUS, should Fall-Through = True
> and not 1?
> How can I specify some users to have priv-lvl lower than 15,
> if default is 15?
> List info/subscribe/unsubscribe? See
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html