Alan DeKok wrote:
> If you want only groups A and B to log in, do:
>
> DEFAULT Group == A, Auth-Type = System
> ...
>
> DEFAULT Group == B, Auth-Type = System
> ...
>
> DEFAULT Auth-Type := Reject
Thanks. Here's what I done.
DEFAULT Group == router-ro, Auth-Type = System
Service-Type = NAS-Prompt-User,
cisco-avpair := "shell:priv-lvl=7"
DEFAULT Group == router-rw, Auth-Type = System
Service-Type = NAS-Prompt-User,
cisco-avpair := "shell:priv-lvl=15"
but I can't get restriction for another group "fw-group" to work.
*added to users*
DEFAULT Group == fw-group, Auth-Type = System
Huntgroup-Name == "fw-pix",
Service-Type = NAS-Prompt-User,
cisco-avpair := "shell:priv-lvl=15"
*added to huntgroups*
fw-pix NAS-IP-Address == 10.0.0.1
fw-pix NAS-IP-Address == 10.0.0.2
Group "router-ro" and "router-rw" still can login to the PIX. Can you
give me few more pointers?
Norman
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
