Hi, > On 30 Oct 2015, at 15:51, Johnson, Neil M <neil-john...@uiowa.edu> wrote: > > Can I work around this just by doing the following in my users file? > > . > . > . > # Allow non-admin access to Wireless Controller > DEFAULT Auth-Type = System, Client-Identifier = WirelessController, Group = > WirelessUsers > # Return NON enabled privileges attributes > > # Allow admin access to Wireless Controller > DEFAULT Auth-Type = System, Client-Identifier = WirelessController, Group = > WirelessAdmins > # Return enabled privileges attributes > AddToReply Session-Timeout=0,Callback-Number=admin > . > . > . > # Last entry reject > DEFAULT Auth-Type = “Reject:Not Found” >
yes, but if WirelessUsers group does not exist or is empty in /etc/group file, e.g. WirelessUsers:x:1234: then all authentications from WirelesssController will match to the first DEFAULT entry above. If you just want to authenticate WirelessAdmins, then just add a user/users to the group to make it non-empty, e.g. WirelessAdmins:x:1235:admin1 BR -- Tuure Vartiainen <varti...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
