Re: Foundry command authorization help

2003-11-21 Thread Kaczmarek, Thaddeus

They came with both versions I have tried, 0.91 and 0.93.
They were in /usr/share/freeradius folder.


Ted
On Fri, 2003-11-21 at 12:43, Chris Parker wrote:
> At 11:23 AM 11/21/2003, Dave Mussulman wrote:
> 
> >First, the Foundry dictionary file that comes with FreeRADIUS doesn't
> >have those attributes, so you'll need to edit it.  What you need to add
> >is pretty straightforward in Foundry's docs.  (I'll submit my dictionary
> >file to the project when I'm sure it's got everything; I just added some
> >stuff for their management software yesterday.)
> 
> Patch please?  Or list of the AV's?  If no one reports it, it won't get
> included in later versions either.
> 
> -Chris
> --
> \\\|||///  \  StarNet Inc.  \ Chris Parker
> \ ~   ~ /   \   WX *is* Wireless!    \   Director, Engineering
> | @   @ |    \   http://www.starnetwx.net \  (847) 963-0116
> oOo---(_)---oOo--\--
>    \ Wholesale Internet Services - http://www.megapop.net
> 

Re: Foundry command authorization help

2003-11-21 Thread Chris Parker
At 11:23 AM 11/21/2003, Dave Mussulman wrote:

> First, the Foundry dictionary file that comes with FreeRADIUS doesn't
> have those attributes, so you'll need to edit it.  What you need to add
> is pretty straightforward in Foundry's docs.  (I'll submit my dictionary
> file to the project when I'm sure it's got everything; I just added some
> stuff for their management software yesterday.)

Patch please?  Or list of the AV's?  If no one reports it, it won't get
included in later versions either.
-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Foundry command authorization help

2003-11-21 Thread Dave Mussulman
> From: "Kaczmarek, Thaddeus" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Foundry command authorization help
> Date: Fri, 21 Nov 2003 11:21:00 -0500
> Reply-To: [EMAIL PROTECTED]
> 
> I am having some issues with command authorization. Foundry has a
> Foundry-Command-String attribute and suspect I am just a chucklehead :-)
> 
> Syntax should be 
> 
> Foundry-Command-String = "configure terminal",
> Foundry-Command-String = "int ethernet 20",
> Foundry-Command-String = "speed-duplex *",
> 
> or
> Foundry-Command-String = "configure terminal, int ethernet 20,
> speed-duplex *",
> 
> I have tried both but am suspecting that Foundry does not support what I
> think they do :-)
> 
> They have authorization levels 0,4 and 5. But in the cli you can only
> enter one. I am used to Cisco where you can have multiple ones hence my
> despair.

First, the Foundry dictionary file that comes with FreeRADIUS doesn't
have those attributes, so you'll need to edit it.  What you need to add
is pretty straightforward in Foundry's docs.  (I'll submit my dictionary
file to the project when I'm sure it's got everything; I just added some
stuff for their management software yesterday.)

Second, you'll need to give the user the appropriate privilege level,
and use the command-exception-flag VSA to tell it to only allow those
commands.  And then, list all the commands comma-separated in the
foundry-command-string attribute.  What's below works for me:

maint   Crypt-Password == "junk"
        foundry-privilege-level = 0,
        foundry-command-string = "copy running-config *; enable",
        foundry-command-exception-flag = 0

This is with a FastIron 1500 running 07.6.03hT51.

Good luck,
Dave
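
An offline check of which commands the profile above would permit, added here as an example (it is not from the original message, FreeRADIUS, or Foundry). It assumes the command string is a semicolon-separated list, that a trailing * matches any remainder of a command, and that an exception flag of 1 turns the list into a deny list; the function names are hypothetical.

```python
import re

# Constructed input: the reply items from the users entry quoted above.
SAMPLE_REPLY = '''
    foundry-privilege-level = 0,
    foundry-command-string = "copy running-config *; enable",
    foundry-command-exception-flag = 0
'''

ITEM_RE = re.compile(r'^\s*([\w-]+)\s*=\s*(?:"([^"]*)"|([^,\s]+))\s*,?\s*$', re.M)

def parse_reply_items(text):
    """Map lower-cased attribute name -> value for each 'name = value,' line."""
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in ITEM_RE.finditer(text)}

def command_allowed(items, command):
    """Model (assumed semantics) of the per-command check the switch applies."""
    command = " ".join(command.split())          # normalise whitespace
    patterns = [p.strip() for p in items["foundry-command-string"].split(";") if p.strip()]

    def matches(pattern):
        if pattern.endswith("*"):                # trailing wildcard: prefix match
            return command.startswith(pattern[:-1].rstrip())
        return command == pattern                # otherwise exact match

    listed = any(matches(p) for p in patterns)
    # Flag 0: only the listed commands are allowed (as in the message above).
    # Flag 1 (assumption): the list is a deny list instead.
    return listed if int(items["foundry-command-exception-flag"]) == 0 else not listed

def review(text, commands):
    """Return {command: True/False} for a profile, for a pre-deployment check."""
    items = parse_reply_items(text)
    return {c: command_allowed(items, c) for c in commands}

if __name__ == "__main__":
    # Constructed command list; 192.0.2.10 is a documentation address.
    sample = ["enable", "copy running-config tftp 192.0.2.10 sw.cfg",
              "configure terminal", "reload"]
    for cmd, ok in review(SAMPLE_REPLY, sample).items():
        print(f"{'permit' if ok else 'deny':6}  {cmd}")
```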