Cisco Privileges

Derek Bodner subscribedlists at derekbodner.com
Fri May 1 23:27:57 CEST 2009


I'm sure this question has been asked 5,000 times, and I apologize for
asking it a 5001st.

I'm trying to set up RADIUS to authenticate our switches off of, which are a
mixture of Cisco Catalysts and Force10 S50s.

I've tried using the setup described here:
http://wiki.freeradius.org/Cisco#Per_User_Privilege_Level

I've been trying this:
DEFAULT         Ldap-Group == "cn=admin,ou=radius,ou=WebAuth,dc=ourgroup,dc=com", Auth-Type := Accept
                Service-Type = NAS-Prompt-User,
                cisco-avpair = "shell:priv-lvl=15"

This works as expected on the Force10s.  Users in this group get dropped
into privilege 15.  I also have a read-only group (cn=readonly,ou=radius),
and those users get dropped into privilege 1.  However, on the Ciscos all
users are being dropped into privilege 1, in which case we have to have the
enable password as well.

Let me know if more info is needed.  Any ideas are appreciated.  Thanks.

-- 
Derek Bodner
subscribedlists at derekbodner.com