On Thursday 19 October 2006 08:20, Maestro_Ba wrote:
>
>
> user1Auth-Type := System
>Service-Type = Shell-User,
>cisco-avpair = "shell:priv-lvl=15"
>
> However, now I have other manufacturers' devices in my network, namely
> Alcatel, Enterasys and Nortel.
> I want this user to be able to authenticate in any device, and with high
> privilege levels, if possible.
> As it is right now, an error occurs in non-cisco equipment (because of
> "cisco-avpair").
>
> Can anyone tell me:
> 1 - How to configure file?
> 2 - How to configure the different devices?
>
> Thanks a lot, any information will be very helpful!
> Maestro_Ba
One option is to use huntgroups to identify the class of each NAS device on
your network. In your users file, you can match the user with the specific
huntgroup and configure attributes to be returned.
-- huntgroups --
cisco NAS-IP-Address == A.B.C.D
cisco NAS-IP-Address == G.H.I.J
nortel NAS-IP-Address == W.X.Y.Z
-- end huntgroups --
-- users --
user1Huntgroup-Name == "cisco", Auth-Type := System
Service-Type = Shell-User,
cisco-avpair = "shell:priv-lvl=15"
user1Huntgroup-Name == "nortel", Auth-Type := System
... Nortel specific attributes ...
-- end users --
Kevin Bonner
pgp1ngFwwofv4.pgp
Description: PGP signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html