Re: 3com problem with service-type
Didn't you ask this question before, and get a response? What was wrong with the previous solution? Hi Alan, This was your response some time ago: I don't think that will work. You're allowed ONE Service-Type in a response. You have to configure the server to send Service-Type = 6 for one NAS, and 7 for another. You will need two different entries in the users file. Alan DeKok. By doing this I should have in the users files for each user an account for every NAS. And I have a lot of switches and Routers, so thats why I didnt want to populate too much the users file. It didn't seemed too logic. Using huntgroups would look more logic to me. I'll try to use this matching in the huntgroup file proposed by Phil Mayers. Thanks guys, Nuno - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
3com problem with service-type
Hi guys, I have a lot of hp switches and a lot of 3com switches. I have users that I want them to have Administrator privilege and others that will have NAS-Prompt privilege. So, my users files should be like this, so it can work for both brands: userA Password = pass Service-Type = 7, 3Com-User-Access-Level = 1 userB Password = pass Service-Type = 6, 3Com-User-Access-Level = 3 The problem is that 3COM doesnt accept a service-type =7! It only accepts Service-Type = 6! So the 3COM rejects the access-accept from RADIUS for userA. I know that I can use huntgroups and create for each huntgroup a different account for the same user with different attributes, but I dont want to use huntgroups because I already use it for Mac-address authentication (and apparently a same NAS-IP-Address cannot belong to more than 1 huntgroup as RADIUS returns the first huntgroup that matches the NAS-IP-Address). Does anyone has a solution for my problem? Thanks, Nuno - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
3com problem with service-type
Hi guys, I have a lot of hp switches and a lot of 3com switches. I have users that I want them to have Administrator privilege and others that will have NAS-Prompt privilege. So, my users files should be like this, so it can work for both brands: userA Password = pass Service-Type = 7, 3Com-User-Access-Level = 1 userB Password = pass Service-Type = 6, 3Com-User-Access-Level = 3 The problem is that 3COM doesnt accept a service-type =7! It only accepts Service-Type = 6! So the 3COM rejects the access-accept from RADIUS for userA. I know that I can use huntgroups and create for each huntgroup a different account for the same user with different attributes, but I dont want to use huntgroups because I already use it for Mac-address authentication (and apparently a same NAS-IP-Address cannot belong to more than 1 huntgroup as RADIUS returns the first huntgroup that matches the NAS-IP-Address). Does anyone has a solution for my problem? Thanks, Nuno - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
3com problem with service-type
Hi guys, I have a lot of hp switches and a lot of 3com switches. I have users that I want them to have Administrator privilege and others that will have NAS-Prompt privilege. So, my users files should be like this, so it can work for both brands: userA Password = pass Service-Type = 7, 3Com-User-Access-Level = 1 userB Password = pass Service-Type = 6, 3Com-User-Access-Level = 3 The problem is that 3COM doesnt accept a service-type =7! It only accepts Service-Type = 6! So the 3COM rejects the access-accept from RADIUS for userA. I know that I can use huntgroups and create for each huntgroup a different account for the same user with different attributes, but I dont want to use huntgroups because I already use it for Mac-address authentication (and apparently a same NAS-IP-Address cannot belong to more than 1 huntgroup as RADIUS returns the first huntgroup that matches the NAS-IP-Address). Does anyone has a solution for my problem? Thanks, Nuno - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Defining different Service-Types for different equipment for the same user
Alan DeKok wrote: Nuno Cervaens [EMAIL PROTECTED] wrote: My problem is that when a user logs in to an Enterasys SSR with the Service-Type = Administrative, it goes immediately to the configure mode, and I dont want that, just the enable mode. I presume this is a documented Enterasys feature. If not, file a bug with them. Yes its a SSR feature, so I cannot change this. So for a user that has Serv.Type = Administrative I would like to specifically define for the SSRs the Service-Type as NAS-Prompt (which goes to enable mode, equivalent for Administrative for CISCO that goes as well to enable mode for example). I'm not sure what you mean by that. You can define what you want, but what do you want to put in what packet? Here's an example for what it would be a perfect solution: userOne Crypt-Password == $1$GYuKhumy$wUkW0ZvClTCi86kkkgJBw. Service-Type = 6 Service-Type = 7 (for the SSRs) userTwo Crypt-Password == $1$ASD#$SDGYuKhasdcasdcasdumy$wUk. Service-Type = 7 Service-Type = 1 (for the SSRs) So, userOne would log in as Administrative in all routers and as NAS-Prompt for the SSRs, userTwo would log in as NAS-Prompt in all routers and as Login for the SSRs. The reason I want this is because for the same Service-Type I have different behaviors from the equipments. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Defining different Service-Types for different equipment for the same user
Hi, I have to install a Radius Server that is going to authenticate and autorize users in the CLI of a mix of router brands and switches. The server will have a bunch of users that will have defined the Service-Type Administrative or NAS-Prompt. My problem is that when a user logs in to an Enterasys SSR with the Service-Type = Administrative, it goes immediately to the configure mode, and I dont want that, just the enable mode. So for a user that has Serv.Type = Administrative I would like to specifically define for the SSRs the Service-Type as NAS-Prompt (which goes to enable mode, equivalent for Administrative for CISCO that goes as well to enable mode for example). Do you know the best way to implement this? Thanks, Nuno - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html