[RADIATOR] Is this config possible?
Tuure Vartiainen
vartiait at open.com.au
Mon Nov 2 01:50:00 CST 2015
Hi,
> On 30 Oct 2015, at 15:51, Johnson, Neil M <neil-johnson at uiowa.edu> wrote:
>
> Can I work around this just by doing the following in my users file?
>
> .
> .
> .
> # Allow non-admin access to Wireless Controller
> DEFAULT Auth-Type = System, Client-Identifier = WirelessController, Group = WirelessUsers
> # Return NON enabled privileges attributes
>
> # Allow admin access to Wireless Controller
> DEFAULT Auth-Type = System, Client-Identifier = WirelessController, Group = WirelessAdmins
> # Return enabled privileges attributes
> AddToReply Session-Timeout=0,Callback-Number=admin
> .
> .
> .
> # Last entry reject
> DEFAULT Auth-Type = “Reject:Not Found”
>
yes, but if WirelessUsers group does not exist or is empty in /etc/group file, e.g.
WirelessUsers:x:1234:
then all authentications from WirelesssController will match to the
first DEFAULT entry above.
If you just want to authenticate WirelessAdmins, then
just add a user/users to the group to make it non-empty, e.g.
WirelessAdmins:x:1235:admin1
BR
--
Tuure Vartiainen <vartiait at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list