Privileges cisco-avpair = "shell:priv-lvl=10" doesn't work
Øystein Gyland
oystegy at usit.uio.no
Fri Oct 12 10:18:36 CEST 2012
On Fri, 2012-10-12 at 09:13 +0200, Ruben Blendeman wrote:
> Hi,
>
> I want to assign different privileges to users, these are my users:
>
> admin   Cleartext-Password := "admin"
>         cisco-avpair = "shell:priv-lvl=15"
>
> user1   Cleartext-Password := "user1"
>         cisco-avpair = "shell:priv-lvl=10"
>
> user2   Cleartext-Password := "user2"
>         cisco-avpair = "shell:priv-lvl=11"
>
>
> But if I configure a privilege on my cisco switch on level 10, all my
> users have the same rights.
> If I debug on my switch, my user1 is not in priv lvl 10..
> Any idea how to fix it?

Have you seen the Wiki?
http://wiki.freeradius.org/vendor/Cisco#Shell-Access

You're not sending a "Service-Type" attribute to the switch. According
to Cisco[0], it's required to send the "shell:priv-lvl=" attribute with
a corresponding "Service-Type" attribute. (It might work on later
versions of IOS without the latter attribute though).

[0] http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a0080178a51.shtml

--
Øystein Gyland
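
Added example (not part of the original message and not FreeRADIUS code): a small Python check that reads entries in users-file layout and reports users whose reply carries "shell:priv-lvl=" but no "Service-Type", the condition pointed out in the reply above. The sample entries are constructed, and the Service-Type value NAS-Prompt-User is an assumption; the message does not name one.

```python
import re

# Constructed sample in FreeRADIUS "users" file layout: the first line of an
# entry holds the user name and check items, indented lines hold reply items.
# user1 mirrors the entry from the post; user2 adds a Service-Type reply item
# (the value NAS-Prompt-User is an assumption, the post names none).
SAMPLE_USERS = '''\
user1   Cleartext-Password := "user1"
        cisco-avpair = "shell:priv-lvl=10"

user2   Cleartext-Password := "user2"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=11"

# guest sets no privilege level, so it is never reported
guest   Cleartext-Password := "guest"
        Reply-Message = "hello"
'''

PRIV_RE = re.compile(r'cisco-avpair\s*[:+]?=\s*"shell:priv-lvl=(\d+)"', re.I)
SERVICE_RE = re.compile(r'^service-type\s*[:+]?=', re.I)

def parse_entries(text):
    """Return {user: [reply item lines]} from users-file text."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":            # indented line: reply item
            if current is not None:
                entries[current].append(raw.strip().rstrip(","))
        else:                          # new entry: first token is the user name
            current = raw.split()[0]
            entries[current] = []
    return entries

def missing_service_type(text):
    """Users that reply with shell:priv-lvl but no Service-Type, with level."""
    findings = {}
    for user, replies in parse_entries(text).items():
        levels = [m.group(1) for r in replies if (m := PRIV_RE.search(r))]
        if levels and not any(SERVICE_RE.match(r) for r in replies):
            findings[user] = int(levels[-1])
    return findings

if __name__ == "__main__":
    for user, level in missing_service_type(SAMPLE_USERS).items():
        print(f"{user}: priv-lvl={level} sent without Service-Type")
```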