Privileged Login on CISCO using freeradius and MySQL [Virus checked]

thomas.pudil at t-mobile.at
Wed May 10 19:16:22 CEST 2006


Hi,

I hope someone can help me with that - I don't seem to be able to, after
hours of Googling and trying ... :-(

I want to allow an admin to log in to a Cisco-box, authenticated via radius,
and get immediately to privileged level (so he doesn't have to do an
"enable" when he has logged in to the box).

I have put the following into the 'radgroupreply' table of the
MySQL-Database

mysql> select * from radgroupreply;
+----+-----------+--------------+----+-------------------+
| id | GroupName | Attribute    | op | Value             |
+----+-----------+--------------+----+-------------------+
|  1 | lanmgmt   | cisco-avpair | =  | shell:priv-lvl=15 |
+----+-----------+--------------+----+-------------------+

(For the operator I have already tried ':=')
My 'radreply'-table is currently empty

The other tables look like this:

mysql> select * from radcheck;
+----+----------+-----------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+-------+
|  1 | pudilt   | Password  | == | 1234  |
+----+----------+-----------+----+-------+
1 row in set (0.00 sec)

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | lanmgmt   | Auth-Type | == | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)

mysql> select * from usergroup;
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| pudilt   | lanmgmt   |        1 |
+----------+-----------+----------+
1 row in set (0.00 sec)


Is the 'cisco-avpair' parameter misplaced, or should I look for the error
on the CISCO-config (using IOS 12.1)?

Thanks a lot
thomas






