freeRADIUS and Cisco switch errors, the server replies but the switch does not seem to authorise the login

Bjørn Mork bjorn at mork.no
Mon Feb 4 19:31:01 CET 2008


"David Bradley" <bradleydj at gmail.com> writes:

> I did try changing 'shell' to NAS-Prompt-User and Login, neither made any
> difference, but I have not tried Administrative-User..

Ah, sorry I wasn't more precise.  I meant changing the replylist from 
   Cisco-AVPair = "shell:priv-lvl=15"
to 
   Service-Type := Administrative-User

These should be equivalent:

DEFAULT Service-Type == NAS-Prompt-User
        Service-Type := NAS-Prompt-User,
        Cisco-AVPair += "shell:priv-lvl=15"

DEFAULT Service-Type == NAS-Prompt-User
        Service-Type := Administrative-User



Note that "Service-Type == NAS-Prompt-User" in FreeRADIUS is what Cisco
refers to as "service = shell".  See share/freeradius/dictionary.rfc2865
and compare the values with e.g.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml



Bjørn
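
An added example, not part of the original message: a decoder for the attribute section of an Access-Accept, useful for checking what the server actually sent against the two reply lists above. Attribute numbers are those in RFC 2865 (Service-Type is attribute 6, Vendor-Specific is 26) and Cisco's vendor ID 9 with sub-type 1 for Cisco-AVPair; the helper names and the sample bytes are constructed for illustration.

```python
import struct

SERVICE_TYPE = 6        # RFC 2865 attribute type
VENDOR_SPECIFIC = 26    # RFC 2865 attribute type
CISCO_VENDOR_ID = 9     # IANA enterprise number for Cisco
CISCO_AVPAIR = 1        # Cisco vendor sub-type
SERVICE_TYPE_NAMES = {1: "Login-User", 6: "Administrative-User", 7: "NAS-Prompt-User"}

def encode_service_type(value):
    # type, length (always 6), 32-bit value
    return struct.pack("!BBI", SERVICE_TYPE, 6, value)

def encode_cisco_avpair(text):
    data = text.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(data)) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), CISCO_VENDOR_ID) + sub

def decode_attributes(buf):
    """Walk the attribute TLVs and return (name, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad attribute length")
        value = buf[pos + 2:pos + alen]
        if atype == SERVICE_TYPE and len(value) == 4:
            num = struct.unpack("!I", value)[0]
            out.append(("Service-Type", SERVICE_TYPE_NAMES.get(num, str(num))))
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR
                    and 2 <= vlen <= len(value) - 4):
                text = value[6:4 + vlen].decode("ascii", "replace")
                out.append(("Cisco-AVPair", text))
            else:
                out.append(("Vendor-Specific", value.hex()))
        else:
            out.append((f"Attr-{atype}", value.hex()))
        pos += alen
    return out

# Constructed samples (not captured traffic): the two reply lists from the message.
PROMPT_WITH_AVPAIR = encode_service_type(7) + encode_cisco_avpair("shell:priv-lvl=15")
ADMINISTRATIVE = encode_service_type(6)
```
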