hello Mailing-List, i'm trying to do the authentication of cisco cat switches with the freeradius. The Authentication works fine, also the authentication of the enable lvl mode (e.g. $enab15$) and the accounting too (the configuration is from the freeradius-wiki cisco artical). But i'm still having a problem with cisco-avpair attribute. I don't know why shell:priv-lvl=15 doesn't work. I want, that the user will be directly logged in to the priv-lvl without doing the enable authentication. i'm using the Version 1.1.7 of Radius (Debian Package) and here ist my configuration (i have switched from sql database to files for debugging ): admin Cleartext-Password := "pass" Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15" and hier is the debugging output of freeradius (freeradius -X): rad_recv: Access-Request packet from host 192.168.178.2:1812, id=23, length=90 NAS-IP-Address = 192.168.178.2 NAS-Port = 2 Cisco-NAS-Port = "tty2" NAS-Port-Type = Virtual User-Name = "admin" Calling-Station-Id = "192.168.178.3" User-Password = "pass" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "admin", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry admin at line 64 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'admin' rlm_sql (sql): sql_set_user escaped user --> 'admin' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'admin' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): User admin not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Att ribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'admin' AND usergroup.GroupName = radgroupcheck.GroupName O RDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Att ribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'admin' AND usergroup.GroupName = radgroupreply.GroupName O RDER BY radgroupreply.id' rlm_sql (sql): User admin not found in radgroupcheck rlm_sql (sql): Released sql socket id: 3 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 0 modcall[authorize]: module "pap" returns updated for request 0 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "noresetcounter" returns noop for request 0 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "dailycounter" returns noop for request 0 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "monthlycounter" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type pap auth: type "PAP" Processing the authenticate section of radiusd.conf modcall: entering group PAP for request 0 rlm_pap: login attempt with password pass rlm_pap: Using clear text password "pass". rlm_pap: User authenticated successfully modcall[authenticate]: module "pap" returns ok for request 0 modcall: leaving group PAP (returns ok) for request 0 Sending Access-Accept of id 23 to 192.168.178.2 port 1812 Service-Type = NAS-Prompt-User Cisco-AVPair = "shell:priv-lvl=15" Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 23 with timestamp 48771d94 Nothing to do. Sleeping until we see a request. And here is the the debuging ouput of the switch: 03:27:12: AAA: parse name=tty3 idb type=-1 tty=-1 03:27:12: AAA: name=tty3 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=3 channel=0 03:27:12: AAA/MEMORY: create_user (0x80BAD274) user='' ruser='' port='tty3' rem_addr='192.168.178.3' authen_type=ASCII service=LOGIN priv=1 03:27:12: AAA/AUTHEN/START (2153705482): port='tty3' list='' action=LOGIN service=LOGIN 03:27:12: AAA/AUTHEN/START (2153705482): using "default" list 03:27:12: AAA/AUTHEN/START (2153705482): Method=radius (radius) 03:27:12: AAA/AUTHEN (2153705482): status = GETUSER 03:27:16: AAA/AUTHEN/CONT (2153705482): continue_login (user='(undef)') 03:27:16: AAA/AUTHEN (2153705482): status = GETUSER 03:27:16: AAA/AUTHEN (2153705482): Method=radius (radius) 03:27:16: AAA/AUTHEN (2153705482): status = GETPASS 03:27:17: AAA/AUTHEN/CONT (2153705482): continue_login (user='admin') 03:27:17: AAA/AUTHEN (2153705482): status = GETPASS 03:27:17: AAA/AUTHEN (2153705482): Method=radius (radius) 03:27:17: AAA/AUTHEN (2153705482): status = PASS i hope, you kann help me thnx Simo