Cisco av-pair for NX-OS and IOS
Michael Schwartzkopff
ms at sys4.de
Fri Feb 8 08:53:18 CET 2013
Am Donnerstag, 7. Februar 2013, 23:51:34 schrieb Norman Zhang:
> Hi,
>
> Using freeradius2-2.1.12. I need to setup read-write access for both Cisco
> NX-OS and IOS devices. I did the following,
>
> DEFAULT Group == operator-rw, Auth-Type = System
> Service-Type = NAS-Prompt-User,
> cisco-avpair := "shell:roles*\"network-admin vdc-admin
> priv-lvl=15\""
>
> I can log into both NX-OS and IOS devices; however, IOS devices only
> permits exec mode not the privileged exec (enable) mode. Not sure if I'm
> doing something wrong on the syntax. Can someone give me few pointers?
>
> Norman
Hi,
Please read http://wiki.freeradius.org/vendor/Cisco
especially the section "Command Authorization", last paragraph.
Your configuration should work, but in a move by Cisco to make TACACS
superior
to RADIUS they compiled their IOS so that this AV pair does not work.
I have a feature request at Cisco to improve the situation. I am really
looking forward when Cisco will implement it.
Greetings,
--
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130208/b18de5c2/attachment-0001.html>
More information about the Freeradius-Users
mailing list