Hi all.

I need the following:
- system group A accesses only switches 1.1.1.1 and 1.1.1.2
- system group B accesses only switches 2.1.1.1 and 2.1.1.2

I created local groups of users A and B and associated the users with them.

/etc/raddb/clients.conf

client 1.1.1.1 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 1.1.1.2 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 2.1.1.1 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}
client 2.1.1.2 {
        secret = "xxx"
        shortname = switch
        nastype = cisco
}

/etc/raddb/users

DEFAULT Group == "A", Auth-Type := PAM
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Group == "B", Auth-Type := PAM
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Auth-Type := Reject

How can I modify my configuration to let only A users access switches
1.1.1.1/2 and only B users access switches 2.1.1.1/2?
Thanks.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
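
One way to express the restriction asked about above, as an added example that is not part of the original post: tie each group's entry to a huntgroup of switch addresses. The huntgroup names switches-a and switches-b are made up for this example, and it assumes the preprocess module is listed in the authorize section and that each switch sends its own address as NAS-IP-Address.

```text
# /etc/raddb/huntgroups  (read by the preprocess module)
# Huntgroup names are hypothetical labels chosen for this example.
switches-a      NAS-IP-Address == 1.1.1.1
switches-a      NAS-IP-Address == 1.1.1.2
switches-b      NAS-IP-Address == 2.1.1.1
switches-b      NAS-IP-Address == 2.1.1.2

# /etc/raddb/users
#
# Before (as posted): the entry matches on group membership alone, so a
# member of A is accepted on every switch defined in clients.conf.
#
#   DEFAULT Group == "A", Auth-Type := PAM
#
# After: the entry matches only when the request also comes from a NAS in
# the group's huntgroup. A member of A logging in to 2.1.1.1 matches
# neither entry and falls through to the final Reject.

DEFAULT Group == "A", Huntgroup-Name == "switches-a", Auth-Type := PAM
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Group == "B", Huntgroup-Name == "switches-b", Auth-Type := PAM
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Auth-Type := Reject
```

A user who belongs to both A and B is accepted on all four switches, because either entry can match.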