User Manual LTU Orion 3
39
3.2.2.9.3 RADIUS Server setup with defined Service-Type Attribute
Alternatively, we can setup the freeradius server with Service-Type Attribute. Currently the
following Service-types are supported:
• Type 6: Administrative; modem grants access equal to FlexDSL-Rights = ALL
• Type 7: NAS Prompt; modem grants access equal to FlexDSL-Rights += TEST, += STATUS
User configuration. File users
User records are in /etc/freeradius/users
# Orion3 User with Administration rights
ORION3ADMIN Cleartext-Password := "AdminPass"
Framed-IP-Address = 192.168.169.0,
Framed-IP-Netmask = 255.255.255.0,
Service-Type = Administrative-user
# Orion3 User with Read-only rights
ORION3OPERATOR Cleartext-Password := "OperatorPass"
Framed-IP-Address = 192.168.169.0,
Framed-IP-Netmask = 255.255.255.0,
Service-Type = NAS-Prompt-user
NOTE: Don`t forget to restart freeradius server after changing configuration using
sudo service freeradius restart command.
3.2.2.9.4 Configuring User Access Rights
The <Vendor-Specific> or <FlexDSL-Rights> or <Service-Type> field in RADIUS configuration
tells the client what access rights the user has. It is possible to grant or discard access to various
commands and menu items of the modem device. All commands of the CLI are divided into 3
levels. Selection of upper level means that the commands from low levels will be selected too.
Some commands are available for every user, they can’t be revoked.
Privileges
Commands of
this level are
available for
everyone. No
additional
authorization is
required
ALARM
ALARM T
DISCONNECT
LINKCLEAR
Operation of
remote devices
LOOP1
LOOP2
STARTAL
RESTART
PING
MACTABLE
MACTABLE C
BERT Submenu
Administration of
the device
DIFF
DUMP
SERNUM
LICENSE
ACO change
RESET
SOFTUPDATE
SOFTCONFIRM
ID
RESPONSE
PASSWORD
NMTHR
To Next Page
Loading...
