R: log on device directly in "priviledged mode"

Alexander Papenburg freeradius at papenb.org
Wed Apr 11 18:00:43 CEST 2007


Molteni Davide wrote:
>
> -----Messaggio originale-----
> Da: freeradius-users-bounces+d.molteni=ntsitalia.com at lists.freeradius.org per conto di Alexander Papenburg
> Inviato: mer 11/04/2007 15.41
> A: FreeRadius users mailing list
> Oggetto: Re: log on device directly in "priviledged mode"
>  
> Molteni Davide wrote:
>   
>> Finally I successfully managed to log into the cisco switch (thanks to 
>> your help) using freeradius.
>> Now I want that the radius users can directly enter into enable mode 
>> of the cisco device. I set this in the users file
>>
>> test Auth-Type := Local, User-Password == "test"
>>      Cisco-AVPair = "shell:priv-lvl=15"
>>
>> but it doesn't work, the user "test" log into the cisco as unpriviledged.
>>
>> Is there something missing in the config?
>>
>> ------------------------------------------------------------------------
>>
>> - 
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>     
>
> Hi,
>
> you need something like that in your switch config:
>
> aaa authorization exec default group [YOURSERVERGROUPHERE] local
>
>
> I have tried but with the line you suggested Authorization fails and device won't let me in
>   

Oh I am sorry, seems like this will work only on cisco router, for 
switches you need tacacs for exec mode.

cisconfusion %)





More information about the Freeradius-Users mailing list