Privileged Login on CISCO using freeradius and MySQL [Virus checked]
thomas.pudil at t-mobile.at
Wed May 10 19:16:22 CEST 2006
Hi,
I hope someone can help me with that - I don't seem to be able to, after
hours of Googling and trying ... :-(
I want to allow an admin to login to a Cisco-box, authenticated via radius
and get immediately to privileged level (so he doesn't have to do an
"enable" when he has logged in to the box).
I have put the following into the 'radgroupreply' table of the
MySQL-Database
mysql> select * from radgroupreply;
+----+-----------+--------------+----+-------------------+
| id | GroupName | Attribute    | op | Value             |
+----+-----------+--------------+----+-------------------+
|  1 | lanmgmt   | cisco-avpair | =  | shell:priv-lvl=15 |
+----+-----------+--------------+----+-------------------+
(For the operator I have already tried ':=')
My 'radreply'-table is currently empty
The other tables look like this:
mysql> select * from radcheck;
+----+----------+-----------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+-------+
|  1 | pudilt   | Password  | == | 1234  |
+----+----------+-----------+----+-------+
1 row in set (0.00 sec)
mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | lanmgmt   | Auth-Type | == | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)
mysql> select * from usergroup;
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| pudilt   | lanmgmt   |        1 |
+----------+-----------+----------+
1 row in set (0.00 sec)
Is the 'cisco-avpair' parameter misplaced, or should I look for the error
on the CISCO-config (using IOS 12.1)?
thanks a lot
thomas