command autho. is it possible?
hegedus.gabor at euroway.hu
Fri Feb 6 11:30:02 CET 2009
I have read a lot of manual, example and post, but I still don't know
what is the solutions.
I have newest freeradius, and cisco devices(now AP).
I want the user authentication to the cisco device by fr,
I configure the users file like this:
test Cleadtext-Password := "test"
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=15"
The user get the level what i set.
The enable level ( $enalXX$) works too.
But don't know how can I set the command authorization, on the
freeradius and cisco.
The cisco commands what I set:
aaa group server radius Radius-Servers
server 10.10.10.10 auth-port 1812 acct-port 1813
aaa authentication login default group Radius-Servers
aaa authentication enable default group Radius-Servers enable
aaa authorization console
aaa authorization exec default group Radius-Servers if-authenticated
aaa authorization network default group Radius-Servers if-authenticated
aaa session-id common
In fact, at first time I just want set show running-config but
disable configure command.
using privilege levels is not good, both commands are on the same
What is the solutions?
I don't want use 2 server (tacacs+ and fr) for this.
I saw something tacacs+ integration into freeradius but I don't know
this is a good solution, an how can I configure.
More information about the Freeradius-Users