[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: RE: Cisco Access Levels (Solution)
From: Robert LaGrasse <rlagrasse () tsiconnections ! com>
Date: 2003-07-31 14:36:48
[Download RAW message or body]
I was looking more for how to setup the server itself, but I figured that
out. For those interested, here is the complete solution. In my particular
situation, I needed different access permissions for the network engineering
and network operations groups...
On the cisco side (very basic setup):
aaa new-model
aaa authentication login console radius [pick backup method!]
aaa authorication exec radius [pick backup method]
line con 0
login authentication console
line vty 0 4
login authentication console
line aux 0
login authentication console
/usr/local/etc/raddb/users file:
DEFAULT Group == "neteng", Auth-Type := System
Service-Type = Shell-User,
cisco-avpair = "shell:priv-lvl=15"
DEFAULT Group == "netops", Auth-Type := System
Service-Type = Shell-User,
cisco-avpair = "shell:priv-lvl=1"
On the server itself:
Setup a group called neteng, and assign engineers to this group.
Setup a group called netops, and assign operations people to this group.
------------------
> > Hi All:
> >
> > I didn't see this in the FAQ, but I'm sure someone has done this before:
> >
> > I want to set the server up to authenticate/authorize telnet access
> against
> > the local linux user database. I need one group of users to have regular
> old
> > login access, and the other to have priviledge level (15) access.
> >
> > If there is an example of this somewhere, just point the way.
> >
> > I'm a newbie here, so please be gentle :) Thanks in advance for your
help.
> >
> > -B
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic