At 11:21 AM 11/30/2009, freerad...@corwyn.net wrote:
Add to top of ./raddb/users:

    DEFAULT Ldap-Group == "UserGroup",Service-Type = NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"
    DEFAULT Auth-Type = ntlm_auth

Hmm, it looks like

    DEFAULT Ldap-Group == "UserGroup",Service-Type = NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"

is not the same as

    DEFAULT Ldap-Group == "UserGroup"
            Service-Type = NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"

After some tinkering:

    DEFAULT Auth-Type:=Accept,Ldap-Group == "Infrastructure"
            Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15"

appears to work with the rest of the config, and users in the
Infrastructure group can log in, and other users cannot!

However, this means that if you're in ./users you authorize
(regardless of where I think you're going). Is there a way to
associate the users data only with a particular virtual server config?
Rick
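
Added example (not part of the original message, and not FreeRADIUS code): a small Python parser for the users-file layout, showing why the one-line and two-line forms above differ. It assumes the layout in which the first line of an entry carries the name and check items and indented lines carry reply items; the function names and sample strings are constructed for illustration.

```python
import re

# Constructed samples: the two layouts compared in the message above.
ONE_LINE = ('DEFAULT Ldap-Group == "UserGroup",Service-Type = NAS-Prompt-User,'
            'cisco-avpair = "shell:priv-lvl=15"\n')
TWO_LINE = ('DEFAULT Ldap-Group == "UserGroup"\n'
            '\tService-Type = NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15"\n')

COMMA = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')  # commas outside double quotes
# attribute, operator, value (longer operators first so ":=" wins over "=")
ITEM = re.compile(r'^([\w-]+)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=|>|<)\s*(.*)$')

def parse_items(text):
    """Turn 'A == "x",B = y' into [(attr, op, value), ...]."""
    out = []
    for item in filter(None, (s.strip() for s in COMMA.split(text))):
        m = ITEM.match(item)
        if not m:
            raise ValueError(f"unparseable item: {item!r}")
        out.append((m.group(1), m.group(2), m.group(3).strip('"')))
    return out

def parse_users(text):
    """First line of an entry: name + check items. Indented lines: reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if line[0] in " \t":              # continuation line -> reply items
            if not entries:
                raise ValueError("reply line before any entry")
            entries[-1]["reply"] += parse_items(line)
        else:                             # entry line -> name + check items
            name, rest = (line.split(None, 1) + [""])[:2]
            entries.append({"name": name, "check": parse_items(rest), "reply": []})
    return entries

def attrs(entry, part):
    """Attribute names in the 'check' or 'reply' list of one entry."""
    return [attr for attr, _op, _val in entry[part]]

if __name__ == "__main__":
    for label, text in (("one-line", ONE_LINE), ("two-line", TWO_LINE)):
        e = parse_users(text)[0]
        print(label, "check:", attrs(e, "check"), "reply:", attrs(e, "reply"))
```

In the one-line form every attribute lands in the check list and nothing is returned to the NAS; only the two-line form puts Service-Type and cisco-avpair in the reply.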