Ranner, Frank MR wrote:
> Put your users into groups and add extra entries:
> 
> DEFAULT Group == numpties
>       cisco-avpair := "shell:priv-lvl=1"
> 
> DEFAULT Group == supernumpties
>       cisco-avpair := "shell:priv-lvl=10"
> 
> Notes:
> These lines use := to over-rule the cisco-avpair previously set.
> They do not fall through.
> I personally would make the default a low privilege, with high 
> privilege coming from group membership. 
> 
> You'll need to read up on the available mechanisms for grouping users.

Thanks. I edited users with the following entries

DEFAULT Auth-Type = System
        Fall-Through = 1,
        cisco-avpair = "shell:priv-lvl=1",
        Service-Type = Administrative-User

DEFAULT Group == user-ro
        cisco-avpair := "shell:priv-lvl=7"

DEFAULT Group == user-rw
        cisco-avpair := "shell:priv-lvl=15"

but all users still get privilege level 15 access. Something wrong with 
my config?

Norman

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to