How to Authorize group from AD

Alan DeKok aland at
Fri Feb 1 18:52:49 CET 2019

On Feb 1, 2019, at 10:50 AM, Maicon Luis <maiconlp at> wrote:
> I’m newcomer here as well as on freeradius.

  Welcome!  It's not as bad as sometimes rumoured.  :)

> I have a environment with Radius integrated with Active directory so I can login on Cisco’s  Switches with AD account. All it’s working but I should like give privilege 15 for users that login.
> I have done the follow lines on “user” file
> user1
>                Service-Type = NAS-Prompt-User,
>                Cisco-AVPair = "shell:priv-lvl=15",
>                Fall-Through = Yes
> When user1 do login on cisco switch he need type “enable” more local password for enable instead your password from Active Directory
> I should like when user “user1” login on Cisco Switch and type enable he earn privileges 15 directly without any password or your password from AD instead local enable password.

  That's a configuration for the switch, unless I'm mistaken.

  i.e. the Cisco documentation should describe how to do this.  There might be some RADIUS involved, but largely it means having the RADIUS server return the "right" atrributes.

  And what are the "right" attributes?  I don't know.  Read the Cisco docs to see what their product needs.

  Alan DeKok.

More information about the Freeradius-Users mailing list