Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
Hi Alan,
Thanks for the simplifications - I've put those in.
I have done lots more reading and testing and found that any attribute I
check for in a group file which has type ipaddr fails. I cannot see why this
is.
When debug
@lists.freeradius.org] On
Behalf Of Alan DeKok [al...@deployingradius.com]
Sent: 07 July 2010 11:16
To: FreeRadius users mailing list
Subject: Re: Restricting certain users access to certain NAS devices
Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
Hi Alan,
Thanks
: Restricting certain users access to certain NAS devices
Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
Thanks Alan. I've got that bit working now.
However, I can't get my check on the NAS-IP-Address attribute to work.
I now have this config:
OK... that should configure two groups.
File
Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
Thanks Alan. I've got that bit working now.
However, I can't get my check on the NAS-IP-Address attribute to work.
I now have this config:
OK... that should configure two groups.
File sites-enabled/default - post-auth section
@lists.freeradius.org] On
Behalf Of Alan DeKok [al...@deployingradius.com]
Sent: 27 May 2010 17:02
To: FreeRadius users mailing list
Subject: Re: Restricting certain users access to certain NAS devices
Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
Sorry, I should have mentioned I already tried man
users access to certain NAS devices
Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
The idea is that superusers are allowed to login to any of the 200 network
devices whilst users are only allowed to login to a subset of say 50 devices.
It's straightforward enough for the superusers
Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
Sorry, I should have mentioned I already tried man rlm_passwd and couldn't
figure it out.
I've been through it again and have made the following changes:
1. created a file /etc/raddb/path_group
Hi All,
We are using Freeradius to authenticate network administrators when they login
to their switches and routers. The setup is working fine as follows:
User telnets to switch and enters username and password.
Switch passes authentication request to Freeradius.
Freeradius authenticates user
Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
The idea is that superusers are allowed to login to any of the 200 network
devices whilst users are only allowed to login to a subset of say 50 devices.
It's straightforward enough for the superusers and works fine but I'm stumped
on
Quick question (I hope)...
What options do I have to limit or mask certain attributes depending
upon the NAS device?
I have approx 14 devices that need specific attributes but other devices
have issues with some optional reply attributes.
My current setup uses two LDAP instances,
What options do I have to limit or mask certain attributes depending
upon the NAS device?
unlang selectively enabling attribute filter on basis of NAS/Client IP
address.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ellis, Scott 1 (N-Comptel Inc.) wrote:
Well here is where I am.
I am using PAM.
Yes, you've said that lots. And it has nothing to do with user names,
grouping, or RADIUS client devices. It's completely irrelevant to the
problem at hand.
All I need to pull all the pieces together is one
Thanks. Got it working.
Scott
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Alan DeKok
Sent: Wednesday, January 03, 2007 9:58 AM
To: FreeRadius users mailing list
Subject: Re: How to restrict users /PAM to specific NAS devices??
Ellis, Scott 1
Ellis, Scott 1 (N-Comptel Inc.) wrote:
I am using PAM for Auth-Type.
I want to be able to either 1) restrict the devices the user has access
to (admins,operators, etc) by username and/or 2) preferably carve into
groups my network gear/NAS devices and then assign users to groups.
See man
NAS devices??
Ellis, Scott 1 (N-Comptel Inc.) wrote:
I am using PAM for Auth-Type.
I want to be able to either 1) restrict the devices the user has
access to (admins,operators, etc) by username and/or 2) preferably
carve into groups my network gear/NAS devices and then assign users to
groups
Ellis, Scott 1 (N-Comptel Inc.) wrote:
I have looked it over, but I am still not clear.
What *exactly* about the documentation is not clear? You can use
rlm_passwd to make a group of anything you want.
I was thinking that I
could use huntgroups to map devices to specific groups, but then I
:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Alan DeKok
Sent: Tuesday, January 02, 2007 4:12 PM
To: FreeRadius users mailing list
Subject: Re: How to restrict users /PAM to specific NAS devices??
Ellis, Scott 1 (N-Comptel Inc.) wrote:
I have looked it over, but I am still
I am using PAM for Auth-Type.
I want to be able to either 1) restrict the devices the user has access
to (admins,operators, etc) by username and/or 2) preferably carve into
groups my network gear/NAS devices and then assign users to groups.
Simply put, I would like to know what I have to do
Mitchell, Michael J [EMAIL PROTECTED] wrote:
I've already done some work to get this working, it's pretty much
finished, but I'll try to finish it off in the next couple of weeks...
But in the meantime I can provide some patches?
Sure, please put them on bugs.freeradius.org
I think
Sounds great, Mike.
I understand from what you are saying that this is just not working the way I
thought it would. I look forward to seeing your patches.
I like the sound of Alan's idea about hunt groups. Do you think you could give us
your thoughts on this? These features would be used by a lot
Alan DeKok wrote:
Mitchell, Michael J [EMAIL PROTECTED] wrote:
I've already done some work to get this working, it's pretty much
finished, but I'll try to finish it off in the next couple of weeks...
But in the meantime I can provide some patches?
Sure, please put them on bugs.freeradius.org
alan walters wrote:
Sounds great, Mike.
I understand from what you are saying that this is just not working the way I thought it would. I look forward to seeing your patches.
OK, how did you think it might work? Always willing to do things a
better way...
cheers,
Mike
I agree entirely with the huntgroups ordering.
I was considering simplifying the idea a little.
(1) Have a limited number of hunt groups and have more
Groups in the users file.
(2) for example order your ldapgroup entries my NAS.
And add the priority feature to here. (the only reason that I
I've already done some work to get this working, it's pretty much
finished, but I'll try to finish it off in the next couple of weeks...
But in the meantime I can provide some patches?
I think there's also been patches added to provide hooks to check for a
client in a database at authentication
I thought there were plans to be able to store NAS information in an LDAP
database. Can anyone give me a heads up on this?
(1) Is it really planned?
(2) Is there any info on how it is planned to implement it? I would like to try
to plan for it now if at all possible
Regards
alan
--
No