How to get vendor-specific attribute value pairs
Mathieu Simon
mathieu.sim at gmail.com
Wed Jul 10 13:46:21 CEST 2013
G'day list
I have been tinkering with some Netgear managed L2/L3 switching stuff and
got the
login working via freeradius (actually quite simple compared to EAP stuff
for wireless).
But when issuing "enable" after login, going into what they call
"Privileged EXEC" mode
it will - very similar to Cisco - send a request for a user $enab15$ to the
radius server
when FR doesn't send Cisco own attribute value pair for privileges.
At leat defining such a user leads to working elevation to this privileged
mode
but requires it instead of using the network admin's own password.
In general a lot of commands on these Netgears are (very much) simiar to
Cisco IOS
where one can use "shell:priv-lvl=15" avpair during authentication so the
Cisco switch/router
know privilege level of the logged in user and thus won't ask for a
$enab15$ user.
FreeRADIUS doesn't have a dictionnary for Netgear stuff yet, I don't think
Netgear
copied Cisco's own AVpair use, but in case they do have own AV pairs, how
do
you guys generally identify them?
Best regards
Mathieu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130710/40e922be/attachment.html>
More information about the Freeradius-Users
mailing list