On 11/30/2012 01:17 AM, Murat Bilal wrote: > Can I give extra privileges to tacacs user other than from his group?
Yes. See AuthorizeGroupAttr and the previous messages on this list. Any rules returned by the attribute named with AuthorizeGroupAttr will be processed before the AuthorizeGroup rules in the configuration file. > For example user 1 belong to group 1.Group 1 deny show commands, but > only this user in group 1 have permit to execute show commands. With > this I do not need to define a new group for that user That is exactly what AuthorizeGroupAttr was designed for. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator