Alan DeKok wrote:
>> Is there a way to force only group router-ro and router-rw can login?
>
> Switch the entries around:
>
> DEFAULT Group == router-ro
>         Fall-Through = Yes,
>         cisco-avpair := "shell:priv-lvl=7"
>
> DEFAULT Group == router-rw
>         Fall-Through = Yes,
>         cisco-avpair := "shell:priv-lvl=15"
>
> DEFAULT Auth-Type = System
>         Service-Type = NAS-Prompt-User

This won't work, as Auth-Type = System will act as the clean-up default. All other Unix users will be able to log in, except they have privilege = 1. I read through users(5) a few times, not sure if there's a way that I can avoid this. Can you give more hints?

Norman
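
The behaviour discussed in this exchange, as an added example that is not part of the original posts and not FreeRADIUS code: a simplified Python model of how the three quoted DEFAULT entries are walked in order for one account. The account names and the `evaluate` and `users_without_group_gate` helpers are hypothetical, and only `Group ==` checks, `Auth-Type` and `Fall-Through` are modelled.

```python
# Simplified model of users-file processing: entries are tried top to bottom,
# a matching entry contributes its reply items, and processing stops at the
# first match unless that entry sets Fall-Through = Yes.
# Assumption: only "Group ==" checks, Auth-Type and Fall-Through are modelled.

ENTRIES = [  # the three DEFAULT entries from the quoted suggestion, in order
    {"group": "router-ro", "fall_through": True,
     "reply": {"cisco-avpair": "shell:priv-lvl=7"}},
    {"group": "router-rw", "fall_through": True,
     "reply": {"cisco-avpair": "shell:priv-lvl=15"}},
    {"group": None, "fall_through": False, "auth_type": "System",
     "reply": {"Service-Type": "NAS-Prompt-User"}},
]

# Constructed sample accounts (hypothetical names) and their Unix groups.
UNIX_GROUPS = {
    "alice": {"router-ro"},
    "bob": {"router-rw"},
    "carol": {"staff"},  # a Unix user in neither router group
}


def evaluate(user, entries=ENTRIES, groups=UNIX_GROUPS):
    """Return (auth_type, reply_items) after walking the entries for user."""
    auth_type, reply = None, {}
    for entry in entries:
        wanted = entry["group"]
        if wanted is not None and wanted not in groups.get(user, set()):
            continue  # check item did not match, try the next entry
        auth_type = entry.get("auth_type", auth_type)
        reply.update(entry["reply"])
        if not entry["fall_through"]:
            break  # first match without Fall-Through ends processing
    return auth_type, reply


def users_without_group_gate(entries=ENTRIES, groups=UNIX_GROUPS):
    """Accounts that reach Auth-Type System with no priv-lvl reply item."""
    results = {u: evaluate(u, entries, groups) for u in groups}
    return sorted(u for u, (auth, reply) in results.items()
                  if auth == "System" and "cisco-avpair" not in reply)


if __name__ == "__main__":
    for name in UNIX_GROUPS:
        print(name, evaluate(name))
    print("reach System auth without a group match:", users_without_group_gate())
```

In this model the account in neither group still falls to the last entry and is handed to system authentication with no `cisco-avpair`, which is the case the reply above objects to.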

