Cisco AVpairs again.

Ivan Kalik tnt at kalik.net
Tue Mar 4 10:57:40 CET 2008


Have you configured that priv level? Only 1 and 15 are configured by
default.

Ivan Kalik
Kalik Informatika ISP


On 4/3/2008, "David Bell" <David.Bell at dxi.net> wrote:

>Hi folks, same David Bell, different email address :)
>
>Well I now have RADIUS and Cisco working pretty much as I want.
>
>However it seems to be passing the AVPair stuff back, but the Cisco doesn't
>seem to recognise it.
>
>Where have I gone wrong?
>
>My Users file has the following
>
>DEFAULT Ldap-Group == "SMC7", Auth-Type := Accept
>    Reply-Message = "You now have level 7 access as part of the SMC Group\n",
>    cisco-avpair = "shell:priv-lvl=7"
>
>When I log in I see FreeRADIUS reply with the relevant parts
>
>++[ldap] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type Accept
>  rad_check_password: Auth-Type = Accept, accepting the user
>Login OK: [bob/pass1] (from client 212.95.252.0/24 port 0)
>Sending Access-Accept of id 10 to 212.95.252.25 port 39111
>        Reply-Message = "You now have level 7 access as part of the SMC
>Group\n"
>        Cisco-AVPair = "shell:priv-lvl=7"
>Finished request 0.
>Going to the next request
>Waking up in 0.9 seconds.
>Waking up in 4.0 seconds.
>Cleaning up request 0 ID 10 with timestamp +7
>Ready to process requests.
>
>With verbose RADIUS debugging on the Cisco
>
>Username: bob
>Password:
>You now have level 7 access as part of the SMC Group
>
>
>Switch>
>16:10:20: RADIUS: Pick NAS IP for u=0x3C8D5F8 tableid=0 cfg_addr=0.0.00
>16:10:20: RADIUS: ustruct sharecount=1
>16:10:20: Radius: radius_port_info() success=1 radius_nas_port=1
>16:10:20: RADIUS: added cisco VSA 2 len 4 "tty0"
>16:10:20: RADIUS: Received from id 1645/10 212.95.255.242:1812,
>Access-Accept, len 99
>16:10:20: RADIUS: saved authorization data for user 3C8D5F8 at 3CD2348
>
>When I ask the Cisco for the current privilege level
>
>Switch>show priv
>Current privilege level is 1
>
>Anyone got any pointers?
>
>David
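To check the server side independently of the switch, the Access-Accept can be decoded and the Cisco-AVPair read back from the wire format. The following is an added example, not code from the thread or from FreeRADIUS: it builds a constructed packet carrying the two reply attributes shown in the debug output (which comes to 99 bytes, the length the switch's debug line reports) and extracts the privilege level. Function names are hypothetical, and the authenticator is zeroed rather than verified.

```python
import struct

CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
VENDOR_SPECIFIC = 26   # RADIUS Vendor-Specific attribute (RFC 2865)
CISCO_AVPAIR = 1       # Cisco vendor sub-type holding "key=value" strings
REPLY_MESSAGE = 18     # RADIUS Reply-Message attribute

def attr(t, value):
    """Encode one type/length/value triple; length covers the 2 header bytes."""
    return bytes([t, len(value) + 2]) + value

def build_accept(ident, reply_message, avpair):
    """Constructed sample: an Access-Accept shaped like the one in the thread."""
    vsa = struct.pack("!I", CISCO_VENDOR_ID) + attr(CISCO_AVPAIR, avpair.encode())
    body = attr(REPLY_MESSAGE, reply_message.encode()) + attr(VENDOR_SPECIFIC, vsa)
    # code 2 = Access-Accept; 16-byte authenticator zeroed (assumption: not checked)
    return struct.pack("!BBH", 2, ident, 20 + len(body)) + bytes(16) + body

def cisco_avpairs(packet):
    """Return every Cisco-AVPair string carried in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    pairs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        t, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if t == VENDOR_SPECIFIC and len(value) >= 6:
            (vendor,) = struct.unpack("!I", value[:4])
            if vendor == CISCO_VENDOR_ID and value[4] == CISCO_AVPAIR:
                pairs.append(value[6:4 + value[5]].decode())
        pos += alen
    return pairs

def shell_priv_lvl(pairs):
    """Return the shell privilege level requested by the server, or None."""
    for p in pairs:
        if p.startswith("shell:priv-lvl="):
            lvl = int(p.split("=", 1)[1])
            if not 0 <= lvl <= 15:   # IOS privilege levels run from 0 to 15
                raise ValueError("priv-lvl outside 0-15")
            return lvl
    return None

SAMPLE = build_accept(
    10, "You now have level 7 access as part of the SMC Group\n", "shell:priv-lvl=7")
```

If `shell_priv_lvl(cisco_avpairs(SAMPLE))` returns the expected level, the attribute is correctly encoded and the remaining question is how the device is configured to act on it.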