Re: Default Authentication

2007-05-04 Thread tnt
Yes, they can. They are not restricted in any way. Group fw-group is restricted only to 10.0.0.1 and 10.0.0.2. If you want to stop other groups from logging in there, make huntgroups like this: fw-pix NAS-IP-Address == 10.0.0.1 Group = fw-group fw-pix NAS-IP-Address == 10.0.0.2

Re: Default Authentication

2007-05-03 Thread Alan DeKok
Norman Zhang wrote: This won't work, as Auth-Type = System will act as the clean-up default. All other Unix users will be able to log in, except they have privilege = 1. I read through users(5) a few times, not sure if there's a way that I can avoid this. Can you give more hints? If you

Re: Default Authentication

2007-05-03 Thread Norman Zhang
Alan DeKok wrote: If you want only groups A and B to log in, do: DEFAULT Group == A, Auth-Type = System ... DEFAULT Group == B, Auth-Type = System ... DEFAULT Auth-Type := Reject Thanks. Here's what I've done. DEFAULT Group == router-ro, Auth-Type = System

Re: Default Authentication

2007-05-02 Thread Alan DeKok
Norman Zhang wrote: I have the following setup for users DEFAULT Auth-Type = System Fall-Through = Yes, cisco-avpair = shell:priv-lvl=1, Service-Type = NAS-Prompt-User DEFAULT Group == router-ro cisco-avpair := shell:priv-lvl=7 DEFAULT Group == router-rw

Re: Default Authentication

2007-05-02 Thread Norman Zhang
Alan DeKok wrote: Is there a way to force only group router-ro and router-rw can login? Switch the entries around: DEFAULT Group == router-ro Fall-Through = Yes, cisco-avpair := shell:priv-lvl=7 DEFAULT Group == router-rw Fall-Through = Yes, cisco-avpair :=

Re: Default Authentication

2007-05-02 Thread tnt
Add a huntgroup: onlythem NAS-IP-Address == a.b.c.d, Service-Type == admin or prompt Group = router-ro, Group = router-rw Ivan Kalik Kalik Informatika ISP On 2/5/2007, Norman Zhang [EMAIL PROTECTED] wrote: Alan DeKok wrote: Is there a way to force only

Default Authentication

2007-05-01 Thread Norman Zhang
I have the following setup for users DEFAULT Auth-Type = System Fall-Through = Yes, cisco-avpair = shell:priv-lvl=1, Service-Type = NAS-Prompt-User DEFAULT Group == router-ro cisco-avpair := shell:priv-lvl=7 DEFAULT Group == router-rw cisco-avpair :=

RE: Default Authentication [SEC=UNCLASSIFIED]

2007-05-01 Thread Ranner, Frank MR
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Norman Zhang Sent: Wednesday, 2 May 2007 13:08 To: freeradius-users@lists.freeradius.org Subject: Default Authentication I have the following setup for users

Problems with users file and DEFAULT authentication

2006-03-14 Thread Jim Potter
Hi all, I am trying to set FreeRADIUS up to manage access through a bunch of HP 420wl wireless access points... My first problem is this... I want any devices that I know about (i.e. have their MAC addresses) to join 1 VLAN, whereas if I do not have their addresses they join a different VLAN...