Natr Brazell wrote:
> I am looking for information on grouping users into profiles/groups. 
> I've searched around the FAQ's and docs but not finding a clear
> picture.  I've found how to associate a user with a group of NAS's.

  See "man rlm_passwd".  It can be used to create arbitrary groups,
including groups of users.

> Here's the scenario.  There is a specific VSA from Juniper called
> Juniper-Local-User-Name.  This gets mapped to a locally defined profile
> on the NAS.  In the users file I have the following:
>  
> bob.smith   Juniper-Local-User-Name = "tier3",

  What does that do?

> So to the point, rather than defining each user with the same parameters
> every time, can I create a group, for instance TIER3, and associate
> User-Name's above to the group.  And if so how or point me to some
> specific examples.
>
> I am using LDAP also so if there is an LDAP solution same question.  Howto?

  Put the users into an LDAP group, and use LDAP-Group checking:

DEFAULT   LDAP-Group == "tier2"
        Juniper-Deny-Commands = "(show system alarms)|(show system software)"

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
