Cisco Privilege Level
Gerald Krause
gk at ax.tc
Tue Sep 27 21:07:08 CEST 2005
Am Dienstag, 20. September 2005 20:13 schrieb Ryan Sharpe:
> Hello all,
>
> I'm having a problem getting users to default to the right privilege
> level.
>
> aaa authentication login default group radius local
> aaa authorization exec default group radius local
> radius-server host xx.20.xx.xx auth-port 1645 acct-port 1646
> radius-server key 7 xxxxxxxxxxxx
> privilege exec level 2 enable
>
> DEFAULT Group == "radiusfull", Auth-Type = System
> CiscoAVPair = "shell:priv-lvl=2",
> Fall-Through = No
> DEFAULT Group == "radiusview", Auth-Type = System
> CiscoAVPair = "shell:priv-lvl=1",
> Fall-Through = No
...
> I also did a packet capture of the communication between
> the two devices and I did no see any of the AVPairs in the packet data.
> If someone could help and enlighten me that would be great. THANKS!
Maybe you should use "Cisco-AVPair" instead of "CiscoAVPair"? Or is
"CiscoAVPair" in one of your dictionaries?
--Gerald
More information about the Freeradius-Users
mailing list