Hi
I am looking for a way to give different access level to cisco router based on
unix group membership. I went through the documentation but could not find a
simple (or other) way to do this.
Got a bit confused when it came to which (if at all) modules I need to include.
I tries using the hungroup file but that did not work.
Here is my users config file which will explain what I am trying to achieve
So if a user is a member of "sysops" the access level they would get is 3 and
if they are a member "netops" they will get access level 15.
DEFAULT Auth-Type := System
Fall-Through = Yes,
Group == "sysops",
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=3",
#
# Huntgroup-Name == "SysOps"
#
#
DEFAULT Auth-Type := System
Group == "netops",
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=15"
I also tried to define those two hungroups and use the Hungroup but is did not
do what I expect it to do.
NetOps NAS-IP-Address == xx.xx.xx.0, Group = netops
SysOps NAS-IP-Address == xx.xx.xx.0, Group = sysops
When a netops user or a sysops user login to the router they always get the
first level in the users file.
Will appreciate any help.
I can also add the debug output if you think it will help.
Thanks
Elad
----------------------------------------------------
This communication may contain CONFIDENTIAL or copyright information of M2
Telecommunications Group Ltd and its related body corporates ('M2'). If you are
not an intended recipient, you MUST NOT read, print, keep, forward, copy, use,
save, retransmit or relay this communication or any attachments, and any such
action is unauthorised and prohibited. If you have received this communication
in error, please reply to this email to notify the sender of its incorrect
delivery, and then delete both it and your reply. M2 does not guarantee the
integrity of any emails or any attached files. The views or opinions expressed
are the author's own and may not reflect the views or opinions of M2.
----------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
