How to get vendor-specific attribute value pairs

Mathieu Simon mathieu.sim at gmail.com
Mon Jul 15 11:12:36 CEST 2013


As a short update on this topic - I thought it might be worth sharing the
update since I've been successful in getting authorized via FR to
privileged exec mode on a Netgear GSM7224P (F/W 1.0.1.21).

Netgear is based on Broadcom FASTPATH (MIBs tell so) - as are some Dell
PowerConnects and fortunately both CLI and behaviour are very close - they
also behave quite similarly to Cisco IOS CLI. Some documentation exists on
the net on how to get SSH login working with PowerConnects but I've not
found real examples for Netgears.

I was successfully authorized to level 15 when I added an update reply
section sending either / or:
- Cisco-AVPair:= "shell:priv-lvl=15"
- Service-Type = Administrative-User

It worked with both messages. I've once read that some newer Dells started
preferring the second, less Cisco-centric, message but with Netgear's
(currently) latest firmware it seems to be working with both.

On the switch I had to configure the RADIUS server address and auth lists
(actually the Web UIs have their own, httplist / httpslist) for
Console/Telnet/SSH. I also had to set the following line to get privilege
level 15: aaa authorization exec default radius local *

That apparently was helping the switch to understand the message sent by
FreeRADIUS.
I'll have to clean up things a little but at least this seems to be working
now, no more clunky shared $enab15$ user required :-)

-- Mathieu

* Which is similar to Cisco's 'aaa authorization exec default group radius none'
I found here - kudos to:
http://lists.freeradius.org/pipermail/freeradius-users/2008-July/029800.html
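
Added example, not part of the original post: how the two reply attributes named above are laid out inside a RADIUS Access-Accept, plus a check that flags a decoded reply as granting privileged exec. Attribute numbers follow RFC 2865 and Cisco's enterprise number 9; the function names and the sample reply are constructed for illustration.

```python
import struct

# RFC 2865 attribute types and values; 9 is Cisco's IANA enterprise number.
VENDOR_SPECIFIC, SERVICE_TYPE = 26, 6
ADMINISTRATIVE_USER = 6
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1


def encode_service_type(value):
    # type(1) | length(1) = 6 | 32-bit integer value
    return struct.pack("!BBI", SERVICE_TYPE, 6, value)


def encode_cisco_avpair(text):
    # type 26 | length | vendor-id(4) | vendor-type(1) | vendor-length(1) | string
    data = text.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VENDOR_ID) + sub


def parse_attributes(buf):
    """Return (name, value) pairs for Service-Type and Cisco-AVPair only."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad attribute length")
        value = buf[pos + 2:pos + alen]
        if atype == SERVICE_TYPE and len(value) == 4:
            out.append(("Service-Type", struct.unpack("!I", value)[0]))
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            vtype, vlen = value[4], value[5]
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR) and 2 <= vlen <= len(value) - 4:
                out.append(("Cisco-AVPair", value[6:4 + vlen].decode("ascii", "replace")))
        pos += alen
    return out


def grants_privileged_exec(attrs):
    # Either attribute alone was enough on the switch described in the post.
    return any((n == "Service-Type" and v == ADMINISTRATIVE_USER)
               or (n == "Cisco-AVPair" and v == "shell:priv-lvl=15")
               for n, v in attrs)


# Constructed sample: attribute section of a reply carrying both attributes.
SAMPLE_REPLY = encode_cisco_avpair("shell:priv-lvl=15") + encode_service_type(ADMINISTRATIVE_USER)
```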