Conditional shell:priv-lvl as login reply on CISCO using client's source net and user's ldap attribute.

Giuseppe Civitella gcivitella at
Mon Jan 15 18:31:28 CET 2018

On 12/01/2018 17:12, Alan DeKok wrote:
>   You can do it.  But you need to have the query return one object... as the error message tells you.

So I fixed my queries.
I used something like

&FreeRADIUS-Client-Secret =

instead of

&FreeRADIUS-Client-Secret =

And I've been able to send the auth request to a virtual server where I
reply with a CISCO auth level, looking for the user's LDAP attributes.
Something like:

                update reply {
                        Reply-Message     += "Hello ciscoAdminGroup1"
                        # Cisco exec privilege level sent back in the reply
                        Cisco-AVPair += "shell:priv-lvl=15"
                }

I'm not done yet, but I wanted to share the result.

