LDAP Reply Attributes

Tyler Brady tbrady at stc-comm.com
Fri Jan 11 18:11:08 CET 2013


I'm sure this is an easy issue to solve, but my simple brain can't seem to put the pieces together. Any help would be greatly appreciated.

I'm trying to authorize a login into a Cisco switch with admin privileges.

Users:

DEFAULT LDAP-Group == "Radius-Users"
                         Reply-Message = "Welcome Message Test",
                         Cisco-AVPair = "shell:priv-lvl=15"

Note: I've tried many different combinations of attributes with no luck. (Service-Type = Administrative-User,  Service-Type = NAS-Prompt-User)

Output:

Sending Access-Accept of id 61 to 172.28.64.3 port 1645
                Reply-Message = "Welcome Message Test"
                Cisco-AVPair = "shell:priv-lvl=15"


The switch login successfully shows "Welcome Message Test," but still kicks into user exec mode without applying the Cisco-AVPair = "shell:priv-lvl=15".


I noticed that there is a mapping for the Reply-Message found in ldap.attrmap, but none for Cisco-AVPair. Is this why it's not working? If so, I have not been able to find the correct syntax for adding it to ldap.attrmap.


Thanks in advance,

T. Brady