Cisco AVpairs again.
David Bell
David.Bell at dxi.net
Tue Mar 4 10:34:38 CET 2008
Hi folks, same david Bell, different email address :)
Well I now have RADIUS and Cisco working pretty much as I want.
However it seems to be passing the AVPair stuff back, but the Cisco doesnt
seem to recognise it.
Where have I gone wrong.
My Users file has the following
DEFAULT Ldap-Group == "SMC7", Auth-Type := Accept
Reply-Message = "You now have level 7 access as part of the SMC
Group\n",
cisco-avpair = "shell:priv-lvl=7"
When I log in I see freeRADIUS reply with the relevent parts
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [bob/pass1] (from client 212.95.252.0/24 port 0)
Sending Access-Accept of id 10 to 212.95.252.25 port 39111
Reply-Message = "You now have level 7 access as part of the SMC
Group\n"
Cisco-AVPair = "shell:priv-lvl=7"
Finished request 0.
Going to the next request
Waking up in 0.9 seconds.
Waking up in 4.0 seconds.
Cleaning up request 0 ID 10 with timestamp +7
Ready to process requests.
With verbose RADIUS debugging on the Cisco
Username: bob
Password:
You now have level 7 access as part of the SMC Group
Switch>
16:10:20: RADIUS: Pick NAS IP for u=0x3C8D5F8 tableid=0 cfg_addr=0.0.0.0
16:10:20: RADIUS: ustruct sharecount=1
16:10:20: Radius: radius_port_info() success=1 radius_nas_port=1
16:10:20: RADIUS: added cisco VSA 2 len 4 "tty0"
16:10:20: RADIUS: Received from id 1645/10 212.95.255.242:1812,
Access-Accept, len 99
16:10:20: RADIUS: saved authorization data for user 3C8D5F8 at 3CD2348
When I ask the cisco for the current privilege level
Switch>show priv
Current privilege level is 1
Anyone got any pointers?
David
More information about the Freeradius-Users
mailing list