[RADIATOR] Multiple levels of priveleges based on UNIX group membership?
Heikki Vatiainen
hvn at open.com.au
Mon Feb 17 20:11:08 UTC 2020
On 13.2.2020 21.02, Johnson, Neil M wrote:
> Is the following snippet radius.cfg and users file workable?
I have not tested it yet, but I thought I'd mention a couple of examples
from goodies right away.
> The goal is to have users authenticate with a unix account and then
> based on their unix group membership, assign different privilege levels
> to the switch CLI (cisco).
You may also want to see authorize-group1.cfg and authorize-group2.cfg
in goodies in case you would be interested in using something else than
unix accounts. This is not to say your configuration does not work, but
they might be useful to see because there were group authorisation
updates in release 4.20:
- GroupFilename config parameter was added for AuthBy FILE; and
- a completely new check item Group-Authorization was added
These are mentioned in version history too. See changes for 4.20:
https://open.com.au/radiator/history.html
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
More information about the radiator
mailing list