Is there any way to configure a Windows 2008 RADIUS server to pass back user privilege information for Admin account types? I know this can be done for Auth and XAuth which is traffic flowing through the firewall. I want to pass back to the firewall whether the user logging in to the device itself is a read-write or a read-only admin.
So far the only way I can get the configuration to work is to set the admin privileges on the firewall by selecting "External admin has read-only privilege" or "External admin has read-write privilege".
This means I have to choose which set of users will externally authenticate via RADIUS and set the other group of users up locally. Is this correct? Is there another way to handle this requirement?
Setup:
SSG-550M ScreenOS 6.2.0r5
Windows 2008 R2 64-bit