Yes, they can. They are not restricted in any way. Group fw-group is
restricted only to 10.0.0.1 and 10.0.0.2. If you want to stop other
groups from logging in there make huntgroups like this:
fw-pix NAS-IP-Address == 10.0.0.1
Group = fw-group
fw-pix NAS-IP-Address == 10.0.0.2
Norman Zhang wrote:
This won't work, as Auth-Type = System will act as the clean-up default.
All other Unix users will be able to login, except they have privilege =
1. I read through users(5) a few times, not sure if there's a way that I
can avoid this. Can you give more hints?
If you
Alan DeKok wrote:
If you want only groups A and B to log in, do:
DEFAULT Group == A, Auth-Type = System
...
DEFAULT Group == B, Auth-Type = System
...
DEFAULT Auth-Type := Reject
Thanks. Here's what I did.
DEFAULT Group == router-ro, Auth-Type = System
Norman Zhang wrote:
I have the following setup for users
DEFAULT Auth-Type = System
Fall-Through = Yes,
cisco-avpair = shell:priv-lvl=1,
Service-Type = NAS-Prompt-User
DEFAULT Group == router-ro
cisco-avpair := shell:priv-lvl=7
DEFAULT Group == router-rw
Alan DeKok wrote:
Is there a way to force only group router-ro and router-rw can login?
Switch the entries around:
DEFAULT Group == router-ro
Fall-Through = Yes,
cisco-avpair := shell:priv-lvl=7
DEFAULT Group == router-rw
Fall-Through = Yes,
cisco-avpair :=
Add a huntgroup:
onlythem NAS-IP-Address == a.b.c.d, Service-Type == admin or prompt
Group = router-ro,
Group = router-rw
Ivan Kalik
Kalik Informatika ISP
On 2/5/2007, Norman Zhang [EMAIL PROTECTED] wrote:
Alan DeKok wrote:
Is there a way to force only
I have the following setup for users
DEFAULT Auth-Type = System
Fall-Through = Yes,
cisco-avpair = shell:priv-lvl=1,
Service-Type = NAS-Prompt-User
DEFAULT Group == router-ro
cisco-avpair := shell:priv-lvl=7
DEFAULT Group == router-rw
cisco-avpair :=
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Norman Zhang
Sent: Wednesday, 2 May 2007 13:08
To: freeradius-users@lists.freeradius.org
Subject: Default Authentication
I have the following setup for users
Hi all,
I am trying to set FreeRADIUS up to manage access through a bunch of
HP 420wl wireless access points...
My first problem is this... I want any devices that I know about (i.e.
have their MAC addresses) to join 1 VLAN, whereas if I do not have their
addresses they join a different VLAN...