command autho. is it possible?

Hegedus Gabor hegedus.gabor at
Fri Feb 6 11:30:02 CET 2009

Hi all!

I have read a lot of manual, example and post, but  I still don't  know  
what is the solutions.

I have newest freeradius, and cisco devices(now AP).

I want  the user authentication to the cisco device by fr,
It works,
I configure the users file like this:

test Cleadtext-Password := "test"
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=15"
The user get the level what i set.
The enable level ( $enalXX$) works too.

But don't know how can I set the command authorization, on the 
freeradius and cisco.
The cisco commands what I set:

aaa group server radius Radius-Servers
     server auth-port 1812 acct-port 1813
aaa authentication login default group Radius-Servers
aaa authentication enable default group Radius-Servers enable
aaa authorization console
aaa authorization exec default group Radius-Servers if-authenticated
aaa authorization network default group Radius-Servers if-authenticated
aaa session-id common

In fact, at first time I just want set  show running-config  but  
disable  configure  command.
using privilege  levels is not good,  both commands are on the same 

What is the solutions?
I don't want use  2 server (tacacs+  and  fr) for this.
I saw something tacacs+ integration into freeradius but I don't know 
this is a good solution, an how can I configure.

Thank you,
Best regards

More information about the Freeradius-Users mailing list