freeRADIUS and Cisco switch errors, the server replies but the switch does not seem to authorise the login
Bjørn Mork
bjorn at mork.no
Mon Feb 4 19:31:01 CET 2008
"David Bradley" <bradleydj at gmail.com> writes:
> I did try changing 'shell' to NAS-Prompt-User and Login, neither made any
> difference, but I have not tried Administrative-User..
Ah, sorry I wasn't more precise. I meant changing the replylist from

    Cisco-AVPair = "shell:priv-lvl=15"

to

    Service-Type := Administrative-User

These should be equivalent:

DEFAULT Service-Type == NAS-Prompt-User
    Service-Type := NAS-Prompt-User,
    Cisco-AVPair += "shell:priv-lvl=15"

DEFAULT Service-Type == NAS-Prompt-User
    Service-Type := Administrative-User

Note that "Service-Type == NAS-Prompt-User" in FreeRADIUS is what Cisco
refers to as "service = shell". See share/freeradius/dictionary.rfc2865
and compare the values with e.g.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml
Bjørn
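
Added example, not part of the original message: Python code that encodes the two reply lists above as RADIUS attribute bytes and decodes them again, for comparison with the attribute section of a captured Access-Accept. The attribute numbers are those of RFC 2865 and Cisco's vendor ID 9; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Numbers from RFC 2865 (see share/freeradius/dictionary.rfc2865) and Cisco's vendor ID.
SERVICE_TYPE, VENDOR_SPECIFIC = 6, 26
SERVICE_TYPES = {1: "Login-User", 2: "Framed-User",
                 6: "Administrative-User", 7: "NAS-Prompt-User"}
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1


def encode_service_type(value):
    """Service-Type is a 4-byte integer attribute: type, length=6, value."""
    return struct.pack("!BBI", SERVICE_TYPE, 6, value)


def encode_cisco_avpair(text):
    """Vendor-Specific (26) wrapping vendor 9, sub-attribute 1 (Cisco-AVPair)."""
    data = text.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VENDOR_ID) + sub


def decode_attributes(blob):
    """Decode the attribute section of a RADIUS packet into (name, value) pairs."""
    out, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        attr, length = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError("bad attribute length at offset %d" % pos)
        value = blob[pos + 2:pos + length]
        if attr == SERVICE_TYPE and len(value) == 4:
            num = struct.unpack("!I", value)[0]
            out.append(("Service-Type", SERVICE_TYPES.get(num, str(num))))
        elif (attr == VENDOR_SPECIFIC and len(value) >= 6 and value[:6] ==
              struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(value) - 4)):
            out.append(("Cisco-AVPair", value[6:].decode("ascii")))
        else:  # anything else is reported raw, as hex
            out.append(("Attr-%d" % attr, value.hex()))
        pos += length
    return out


# Constructed attribute bytes for the two reply lists in the message above.
REPLY_A = encode_service_type(7) + encode_cisco_avpair("shell:priv-lvl=15")
REPLY_B = encode_service_type(6)

if __name__ == "__main__":
    for label, blob in (("A", REPLY_A), ("B", REPLY_B)):
        print(label, blob.hex(), decode_attributes(blob))
```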