On 06/03/13 11:28, Øystein Gyland wrote:
> On 03/06/2013 03:21 AM, Jimmy Stewpot wrote:
>> Hello,
>>
>> We have always had the Cisco-AVPAIR of "shell:priv-lvl=15" which has
>> been working for some time. With the Cisco UCS platform we need to
>> introduce an additional shell: variable which looks like this
>> "shell:roles=admin".
>
> Your mileage may vary, but as the "Cisco-AvPair=shell:priv-lvl=15" is
> equivalent to "Service-Type = Administrative-User" this might work:
>
> DEFAULT LDAP-Group == "Network Full Access"
>         Service-Type := Administrative-User,
>         Cisco-AVpair += "shell:roles=admin"

Another option is to use a Huntgroup or similar to conditionally return
specific attributes, e.g.

raddb/huntgroups:

NXOS    NAS-IP-Address == 192.0.2.1
NXOS    NAS-IP-Address == 192.0.2.2
IOS     NAS-IP-Address == 192.0.2.3

raddb/users:

DEFAULT Huntgroup-Name == NXOS, Ldap-Group == "Network Full Access"
        Cisco-AVPAIR = "shell:roles=admin"

DEFAULT Huntgroup-Name == IOS, Ldap-Group == "Network Full Access"
        Cisco-AVPAIR = "shell:priv-lvl=15"

The "huntgroups" file is read by the "preprocess" module IIRC so make
sure that module is loaded. You can of course use something other than
huntgroups - anything that identifies what type of NAS it is (e.g. an
SQL lookup, LDAP, etc.)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
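
Added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of the huntgroup approach described above, showing which Cisco-AVPair each NAS type receives and that a NAS outside every huntgroup, or a user outside the LDAP group, gets no privilege attribute at all. It assumes first-match processing with no Fall-Through and handles only the two check items used in the thread; all function names are made up for the illustration.

```python
import re
# Constructed sample data mirroring the two files quoted in the thread.
HUNTGROUPS = """\
NXOS    NAS-IP-Address == 192.0.2.1
NXOS    NAS-IP-Address == 192.0.2.2
IOS     NAS-IP-Address == 192.0.2.3
"""
USERS = """\
DEFAULT Huntgroup-Name == NXOS, Ldap-Group == "Network Full Access"
        Cisco-AVPair = "shell:roles=admin"

DEFAULT Huntgroup-Name == IOS, Ldap-Group == "Network Full Access"
        Cisco-AVPair = "shell:priv-lvl=15"
"""

def parse_pairs(text):
    """Parse 'Attr op value, ...' into {attr_lowercased: value} (no commas in values)."""
    pairs = {}
    for item in text.split(","):
        m = re.match(r'\s*([\w-]+)\s*[:+=]*=\s*"?([^"]*)"?\s*$', item)
        if m:
            pairs[m.group(1).lower()] = m.group(2).strip()
    return pairs

def huntgroup_for(nas_ip):
    """Name of the first huntgroup whose NAS-IP-Address check matches, else None."""
    for line in HUNTGROUPS.splitlines():
        name, check = line.split(None, 1)
        if parse_pairs(check).get("nas-ip-address") == nas_ip:
            return name
    return None

def parse_users(text):
    """Return [(check_items, reply_items)]; indented lines are reply items."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace():
            entries[-1][1].update(parse_pairs(line))
        else:
            entries.append((parse_pairs(line.split(None, 1)[1]), {}))
    return entries

def reply_for(nas_ip, ldap_groups):
    """Reply attributes of the first matching entry (assumes no Fall-Through)."""
    group = huntgroup_for(nas_ip)
    for check, reply in parse_users(USERS):
        if check.get("huntgroup-name") == group and check.get("ldap-group") in ldap_groups:
            return reply
    return {}
```

Calling reply_for() with a NAS address and the user's set of LDAP groups returns the reply attributes that entry would send; an empty result means the device is left to apply its own default for a user with no role or privilege level.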