[RADIATOR] user and group attributes

Heikki Vatiainen hvn at open.com.au
Fri Nov 30 04:28:47 CST 2012


On 11/30/2012 01:17 AM, Murat Bilal wrote:
> Can I give extra privileges to tacacs user other than from his group?

Yes. See AuthorizeGroupAttr and the previous messages on this list. Any
rules returned by the attribute named with AuthorizeGroupAttr will be
processed before the AuthorizeGroup rules in the configuration file.

> For example user 1 belong to group 1.Group 1 deny show commands, but
> only this user in group 1 have permit to execute show commands. With
> this I do not need to define a new group for that user

That is exactly what AuthorizeGroupAttr was designed for.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list