We have been using network switches from Enterasys, and for logging in to these switches with AD credentials we have set up a FreeRADIUS server on a RHEL 6.5 server, which is working absolutely fine.
The /etc/raddb/users file is as below:
DOMAIN_USER1 Auth-Type := ntlm_auth
        Filter-id = "Enterasys:version=1:mgmt=su"

DOMAIN_USER2 Auth-Type := ntlm_auth
        Filter-id = "Enterasys:version=1:mgmt=su"

USER1 Cleartext-password := PASSWORD
        Filter-id = "Enterasys:version=1:mgmt=ro"
Now, switches from different vendors like HP and Extreme Networks have been introduced in our network environment. With the above-mentioned attributes, logging in to the HP and Extreme switches is possible, but just as a read-only user (which, I suppose, is due to improper attributes set).
In order to deal with this, I've added another user, USER2, in order to log in to Extreme switches with admin rights, in the /etc/raddb/users file as below:
USER2 User-password := PASSWORD
        Service-Type = "Administrative-User",
        Filter-Id = "unlim"
With this, user USER2 is able to log in to the Extreme switch with admin rights.
How should I proceed if I want to have a single user account in order to log in to all the switches with admin privileges? How can I apply multiple attributes to a single user?
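
One way to give a single account the right reply attributes on each vendor's switches, shown as an added example that is not part of the original post: group the switches in the huntgroups file read by FreeRADIUS's preprocess module, then match Huntgroup-Name in the users file. The huntgroup names, the /etc/raddb/huntgroups path and the 192.0.2.x addresses are constructed assumptions; the reply attributes are the ones from the post.

```text
# Added example, not the poster's configuration.
# Huntgroup names and NAS IP addresses are constructed placeholders.

# --- /etc/raddb/huntgroups (path assumed): group NAS devices by vendor ---
enterasys   NAS-IP-Address == 192.0.2.10
enterasys   NAS-IP-Address == 192.0.2.11
extreme     NAS-IP-Address == 192.0.2.20

# --- /etc/raddb/users: same account, reply chosen by requesting switch ---
# An entry is used only when all of its check items match, so the request
# from an Extreme switch skips the first entry and matches the second.
DOMAIN_USER1  Huntgroup-Name == "enterasys", Auth-Type := ntlm_auth
        Filter-Id = "Enterasys:version=1:mgmt=su"

DOMAIN_USER1  Huntgroup-Name == "extreme", Auth-Type := ntlm_auth
        Service-Type = Administrative-User,
        Filter-Id = "unlim"

# Alternative: one entry that returns every attribute to every switch.
# Reply items are a comma-separated list; "+=" appends a second instance
# of an attribute that is already in the reply. This assumes each switch
# ignores the Filter-Id value it does not recognise, and it hands admin
# rights to any NAS that authenticates against this server.
#
# DOMAIN_USER1  Auth-Type := ntlm_auth
#         Service-Type = Administrative-User,
#         Filter-Id = "Enterasys:version=1:mgmt=su",
#         Filter-Id += "unlim"
```

Running the server in debug mode (`radiusd -X`) shows which users entry matched and which reply attributes were sent for a given login.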