I'm sure this question has been asked 5,000 times, and I apologize for asking it a 5001st.<br><br>I'm trying to setup radius to authenticate our switches off of, which is a mixture of cisco catalysts's and force10 s50's. <br>
<br>I've tried using the setup described here:<br><a href="http://wiki.freeradius.org/Cisco#Per_User_Privilege_Level">http://wiki.freeradius.org/Cisco#Per_User_Privilege_Level</a><br><br>I've been trying this:<br>
DEFAULT Ldap-Group == "cn=admin,ou=radius,ou=WebAuth,dc=ourgroup,dc=com", Auth-Type := Accept<br> Service-Type = NAS-Prompt-User,<br> cisco-avpair = "shell:priv-lvl=15"<br>
<br>This works as expected on the force10's. Users in this group get dropped into privilege 15. I also have a read only group (cn=readonly,ou=radious), and those users get dropped into privilege 1. however, on the cisco's all users are being dropped into privilege 1, in which case we have to have the enable password as well.<br>
<br>Let me know if more info is needed. Any ideas are appreciated. Thanks.<br clear="all"><br>-- <br>Derek Bodner<br><a href="mailto:subscribedlists@derekbodner.com">subscribedlists@derekbodner.com</a><br>