Put your users into groups and add extra entries: DEFAULT Group == numpties cisco-avpair := "shell:priv-lvl=1"
DEFAULT Group == supernumpties cisco-avpair := "shell:priv-lvl=10" Notes: These lines use := to over-rule the cisco-avpair previously set. They do not fall through. I personally would make the default a low privilege, with high privilege coming from group membership. You'll need to read up on the available mechanisms for grouping users. Regards, Frank Ranner > -----Original Message----- > From: > [EMAIL PROTECTED] > eradius.org > [mailto:[EMAIL PROTECTED] > ists.freeradius.org] On Behalf Of Norman Zhang > Sent: Thursday, 26 April 2007 10:50 > To: freeradius-users@lists.freeradius.org > Subject: Re: User /etc/shadow for Authentication > > [EMAIL PROTECTED] wrote: > > Login OK: [tester] (from client test-network port 1 cli 10.0.0.1) > > Sending Access-Accept of id 27 to 10.0.0.2:1645 > > > > You have "got in". But you haven't returned any radius > attributes. You > > need to return something like Service-Type = Administrative-User or > > NAS-Prompt-User so NAS knows what to do with the user. > > Thanks for the hint. I added the last two lines to users, now > I can login. > > DEFAULT Auth-Type = System > Fall-Through = 1, > cisco-avpair = "shell:priv-lvl=15", > Service-Type = Administrative-User > > Still trying to learn FreeRADIUS, should Fall-Through = True > and not 1? > How can I specify some users to have priv-lvl lower than 15, > if default is 15? > > Norman > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html