Hello all, I want to know if this kind of answer by RADIUS is possible: I need to authenticate some users for the switches in my network (all from 3com) and the users don't have the same access level in all switches, for example, the user1 has admin access level in SWITCH1 and don't have access for SWITCH2, but the user2 has admin access to both of them.
I have a working configuration where a user have the same access level for all switches and in this way I have a LDAP base like this: uid = user1 userPassword = teste 3Com-User-Access-Level = 3Com-Administrator I was thinking about change the configuration of my LDAP database creating a child fo each switch that the user has access and in this subtree put the level of access, making the LDAP base 'appear' like this: uid = user1 userPassword = teste / \ cn = SWITCH1 cn = SWITCH2 ....... 3com-level = admin 3com-level = level ....... Is this a good way of doing this? There are another ways? Using this way how can I put the right answer in RADIUS reply? Thanks Julio Andrade - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html