Elad Shy wrote:
> I am looking for a way to give different access level to cisco router
> based on unix group membership. I went through the documentation but
> could not find a simple (or other) way to do this.

Use the Group attribute...

> Got a bit confused when it came to which (if at all) modules I need to
> include. I tried using the hungroup file but that did not work.

See the FAQ for "it didn't work".

> Here is my users config file which will explain what I am trying to achieve
>
> So if a user is a member of “sysops” the access level they would get is
> 3 and if they are a member “netops” they will get access level 15.
>
> DEFAULT Auth-Type := System
>         Fall-Through = Yes,
>         Group == "sysops",
>         Service-Type = NAS-Prompt-User,
>         cisco-avpair = "shell:priv-lvl=3",

That is substantially wrong. See the "man users" documentation for how the "users" file works. You probably want something like this:

DEFAULT Auth-Type := System, Group == "sysops", Fall-Through = Yes
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=3",

Alan DeKok.
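An added example, not part of the original thread and not code from the FreeRADIUS project: one way to lay out both group mappings from the question in the "users" file. It assumes the layout described in "man users" (check items on the first line of an entry, reply items on the indented lines below it) and relies on first-match ordering instead of Fall-Through. The final reject entry is an assumption that this server only authenticates router logins.

```text
# Constructed example for the FreeRADIUS "users" file.
# Group names and privilege levels are the ones given in the question.
#
# First line of an entry:  check items (must all match), comma-separated.
# Indented lines:          reply items sent to the router, comma-separated,
#                          with no comma after the last one.
#
# Without Fall-Through, processing stops at the first matching entry, so
# entry order decides what a user who is in both groups receives. Here
# "netops" is listed first, so such a user gets level 15. Swap the two
# entries if membership in "sysops" should cap the user at level 3.

DEFAULT	Auth-Type := System, Group == "netops"
	Service-Type = NAS-Prompt-User,
	cisco-avpair = "shell:priv-lvl=15"

DEFAULT	Auth-Type := System, Group == "sysops"
	Service-Type = NAS-Prompt-User,
	cisco-avpair = "shell:priv-lvl=3"

# Assumption: accounts in neither group should not reach the router at all.
# Without this entry, what happens to them depends on the rest of the file.
DEFAULT	Auth-Type := Reject
	Reply-Message = "Not authorized for network device access"
```

Level 15 is full enable access on the router, so membership of the group mapped to it is worth auditing as closely as the "users" file itself.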