How it works
Important note: The following applies only to newer SP+ firmware (5937 and later).
Authorization and Privilege Level checking
Specific attributes can be defined for each user on the server side to determine whether the
user has administrator rights or is just a simple user (privilege level checking).
All Radius users that don't have the privilege level attributes set will only have Viewer level
(read-only) access to the SP+ web UI.
Note that Radius permissions can only use the default permission levels (Admin/User/Viewer);
you cannot customize them as you can with local users.
The privilege level checking is done using a custom dictionary to check the AKCP-User-Role
attribute, with numbers as follows:
0-15 - Viewer
16-31 - User
32 and above - Admin
In order for this to work, the Radius server's configuration needs to have the AKCP-User-Role
custom vendor attribute defined in the "dictionary" file. You can copy-paste the following to add
this new attribute to the dictionary file:
VENDOR          AKCP            3854
BEGIN-VENDOR    AKCP
#
# AKCP Attributes
#
ATTRIBUTE       AKCP-User-Role  1       integer
END-VENDOR      AKCP
Once the AKCP-User-Role attribute is defined in the Radius "dictionary" file and the Radius
service is restarted, then it should be available to use.
Then in the "users" file this new attribute must be set for each user. See some examples below.
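The role mapping above can be checked against a "users" file before it is deployed. The following Python sketch is an added example, not part of the original manual or AKCP's own tooling: it reports the SP+ permission level each entry would receive, so Admin grants and entries left at the Viewer default are easy to review. The sample file, user names and the simplified entry parsing are assumptions.

```python
import re

def role_for(value):
    """Map an AKCP-User-Role value to the SP+ level, per the ranges in the manual:
    0-15 Viewer, 16-31 User, 32 and above Admin; attribute not set means Viewer."""
    if value is None or value <= 15:
        return "Viewer"
    return "User" if value <= 31 else "Admin"

# Matches "AKCP-User-Role = 32" (also with the := and += operators).
ROLE_RE = re.compile(r"\bAKCP-User-Role\s*[:+]?=\s*(\d+)")

def audit_users(text):
    """Return {username: (value or None, role)} for each entry in a users file.

    Simplified parsing (assumption): an entry starts at column 0 with the user
    name, its reply items follow on indented lines, and lines whose first
    non-blank character is '#' are comments.
    """
    values, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # column 0: start of a new entry
            current = line.split()[0]
            values.setdefault(current, None)
        match = ROLE_RE.search(line)
        if match and current is not None:
            values[current] = int(match.group(1))
    return {user: (val, role_for(val)) for user, val in values.items()}

# Constructed sample users file (not from the manual); names and passwords are placeholders.
SAMPLE_USERS = '''\
# constructed sample
alice  Cleartext-Password := "example-only"
       AKCP-User-Role = 32
bob    Cleartext-Password := "example-only"
       AKCP-User-Role = 16
carol  Cleartext-Password := "example-only"
       Reply-Message = "no role set"
'''

if __name__ == "__main__":
    for user, (value, role) in audit_users(SAMPLE_USERS).items():
        print(f"{user}: AKCP-User-Role={value} -> {role}")
```
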
SP+ Radius User Manual