Hi all.

I need the following:
- system group A can access only switches 1.1.1.1 and 1.1.1.2
- system group B can access only switches 2.1.1.1 and 2.1.1.2

I created local groups of users A and B and associated the users.

/etc/raddb/clients.conf

client 1.1.1.1 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 1.1.1.2 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 2.1.1.1 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 2.1.1.2 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}


/etc/raddb/users

DEFAULT         Group == "A", Auth-Type := PAM
                          Service-Type = NAS-Prompt-User,
                          cisco-avpair = "shell:priv-lvl=15"

DEFAULT         Group == "B", Auth-Type := PAM
                          Service-Type = NAS-Prompt-User,
                          cisco-avpair = "shell:priv-lvl=15"

DEFAULT         Auth-Type := Reject


How can I modify my configuration to let only A users access switches
1.1.1.1/2 and only B users access switches 2.1.1.1/2?

Thanks.
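
An added example, not part of the original post: one way to express the restriction asked about above is with FreeRADIUS huntgroups. It assumes each switch sends its own address as NAS-IP-Address and that the preprocess module reads /etc/raddb/huntgroups; the huntgroup names switches-A and switches-B are made up for illustration.

```text
# /etc/raddb/huntgroups
# Map each NAS to a huntgroup. The names "switches-A" and "switches-B"
# are hypothetical. Assumes the NAS-IP-Address in the request equals
# the address configured for the switch in clients.conf.
switches-A      NAS-IP-Address == 1.1.1.1
switches-A      NAS-IP-Address == 1.1.1.2
switches-B      NAS-IP-Address == 2.1.1.1
switches-B      NAS-IP-Address == 2.1.1.2

# /etc/raddb/users
# Each entry now requires BOTH the user's group and the matching
# huntgroup, so group membership alone no longer grants access.
DEFAULT         Group == "A", Huntgroup-Name == "switches-A", Auth-Type := PAM
                Service-Type = NAS-Prompt-User,
                cisco-avpair = "shell:priv-lvl=15"

DEFAULT         Group == "B", Huntgroup-Name == "switches-B", Auth-Type := PAM
                Service-Type = NAS-Prompt-User,
                cisco-avpair = "shell:priv-lvl=15"

# Everything else is rejected, including a group A user on a
# switches-B device and a group B user on a switches-A device.
DEFAULT         Auth-Type := Reject
```

A request from a group A user that arrives with NAS-IP-Address 2.1.1.1 matches neither of the first two entries and falls through to the final Reject.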

 

