Freeradius and Cisco (cisco-avpair = "shell:priv-lvl=15" doesn't work)
Alan DeKok
aland at deployingradius.com
Fri Jul 11 11:17:50 CEST 2008
Simo wrote:
> I'm trying to do the authentication of cisco cat switches with the
> freeradius. The Authentication works fine, also the authentication of
> the enable lvl mode (e.g. $enab15$) and the accounting too (the
> configuration is from the freeradius-wiki cisco article).
> But I'm still having a problem with cisco-avpair attribute. I don't know
> why shell:priv-lvl=15 doesn't work. I want the user to be
> directly logged in to the priv-lvl without doing the enable
> authentication.
Read the switch documentation to see what RADIUS attributes it expects
to see in the response, in order to enable admin login access.
> I'm using the Version 1.1.7 of Radius (Debian Package)
> and here is my configuration (I have switched from sql database to
> files for debugging ):
>
> admin   Cleartext-Password := "pass"
>         Service-Type = NAS-Prompt-User,
>         cisco-avpair = "shell:priv-lvl=15"
That doesn't look right. You probably want "Service-Type = Login-User".
Again, this is documented in the switch manual.
Alan DeKok.