Michał Dopierała wrote:
> Is it possible in freeradius to have one user who has full privilege
> level to one equipment (one cisco router privilege lvl15), and limited
> privilege level to other equipment (other router with smaller privilege
> e.g. lvl10 which will be configured on router)?

Yes.

> How to separate it?

How are the requests different? Use that information to separate the
policies for the two routers.

> My current configuration of users:
>
> mdopierala Auth-Type := PAP, Crypt-Password = "passwrd"

DON'T set Auth-Type. Honestly. This should be written in huge
letters everywhere on all of the documentation.

> Service-Type = "Administrative-User",
> Cisco-AVPair="shell:priv-lvl=15",
> Brocade-Auth-Role ="Administrator"

And it doesn't contain any *conditional* checks for different clients.
You could do:

    mdopierala Packet-Src-IP-Address == 192.168.1.1, Cleartext-Password := ...
    ...

i.e. check for NAS IP, and return different results based on that.
Alan DeKok.
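
An added example, not part of the original message: the per-NAS split described in the reply, written out as two complete `users` file entries. The second router's address (192.168.1.2), the password placeholder and the `NAS-Prompt-User` service type for the limited entry are assumptions; the privilege levels are the ones from the question.

```text
# users file: same login, different reply attributes per NAS.
# No Auth-Type is set; the server chooses the method from the
# password attribute it finds on the check line.

# Router 1 (address from the reply): full privilege.
mdopierala  Packet-Src-IP-Address == 192.168.1.1, Cleartext-Password := "PLACEHOLDER-change-me"
            Service-Type = Administrative-User,
            Cisco-AVPair = "shell:priv-lvl=15"

# Router 2 (assumed address): limited privilege.
mdopierala  Packet-Src-IP-Address == 192.168.1.2, Cleartext-Password := "PLACEHOLDER-change-me"
            Service-Type = NAS-Prompt-User,
            Cisco-AVPair = "shell:priv-lvl=10"
```

The check items on the first line of each entry must all match before its reply items are returned, so a request for this user from router 2 never receives the lvl15 attributes.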