Hi, I have had the "cisco-avpair" attribute inserted into the radgroupreply table and I still cannot get the users to log into privileged mode.
I tried this as well on another user from a users file now and it's the same result. On the two occasions, I can see from the debugging messages that radius is passing the correct information back to the NAS such as the av-pair set. But somehow the users are not getting logged into the router in privileged mode.

The following is the relevant part of my radiusd -X message...

----
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local//etc/raddb/clients.conf
Config: including file: /usr/local//etc/raddb/snmp.conf
Config: including file: /usr/local//etc/raddb/sql.conf
 main: prefix = "/usr/local/"
 main: localstatedir = "/usr/local//var"
 main: logdir = "/usr/local//var/log/radius"
 main: libdir = "/usr/local//lib"
 main: radacctdir = "/usr/local//var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local//var/run/radiusd/radiusd.pid"
 main: user = "mysql"
 main: group = "mysql"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local//var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
HASH: ...
...Starting connect to MySQL server for #0
rlm_sql: Connected new DB handle, #0
rlm_sql: starting 1
rlm_sql: Attempting to connect #1
rlm_sql: Starting connect to MySQL server for #1
rlm_sql: Connected new DB handle, #1
rlm_sql: starting 2
rlm_sql: Attempting to connect #2
rlm_sql: Starting connect to MySQL server for #2
rlm_sql: Connected new DB handle, #2
rlm_sql: starting 3
rlm_sql: Attempting to connect #3
rlm_sql: Starting connect to MySQL server for #3
rlm_sql: Connected new DB handle, #3
rlm_sql: starting 4
rlm_sql: Attempting to connect #4
rlm_sql: Starting connect to MySQL server for #4
rlm_sql: Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded files
 files: usersfile = "/usr/local//etc/raddb/users"
 files: acctusersfile = "/usr/local//etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
 detail: detailfile = "/usr/local//var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: ...
...Ready to process requests.
rad_recv: Access-Request packet from host 192.120.130.2:1645, id=65, length=76
    NAS-IP-Address = 192.120.130.2
    NAS-Port = 0
    Cisco-NAS-Port = "tty0"
    NAS-Port-Type = Async
    User-Name = "cocoon"
    User-Password = "\3341+\340\250\351\240\276\017\021\265\206\307\340\010\243"
modcall: entering group authorize
 modcall[authorize]: module "preprocess" returns ok
 rlm_realm: Looking up realm NULL for User-Name = "cocoon"
 rlm_realm: No such realm NULL
 modcall[authorize]: module "suffix" returns noop
radius_xlat: 'cocoon'
sql_set_user: escaped user --> 'cocoon'
radius_xlat: ...
...Released sql socket id: 4
 modcall[authorize]: module "sql" returns ok
 modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 65 to 192.120.130.2:1645
    Cisco-AVPair = "shell:priv-lvl=15"
Finished request 0.
Going to the next request...
----

Anyone know what is going on here?
Do I need to set radius-server host non-standard in the Cisco?

Thanks a lot,
Gbenga.

--- Alexey Chetroi <[EMAIL PROTECTED]> wrote:
> On Sun, Nov 10, 2002 at 11:33:44PM +0000, Gbenga wrote:
> > I have freeradius server running on Solaris 8,
> > authenticating off MySQL and all is working fine at
> > moment. But I want to implement Cisco AVPair
> > attributes on some of the users. Specifically the
> > users that belong to the administrator group in my
> > user file.
> >
> > I read that I can implement Cisco AVPair and the users
> > will automatically be dropped into privileged mode
> > whenever they log into the router. The AV-Pair in
> > question is "cisco-avpair=shell-priv-lvl=15".
> >
> > My question is how do I add these to the user/group
> > profile in the user table(s). Some example of where
> > this will go in the sql table will be appreciated.
>
> Just add to radgroupreply table attribute Cisco-AVPair
> with the desired value, eg: ip:addr-pool=inet etc. and have
> the op field set to +=, so you may have more than one
> cisco VSA.
>
> --
> Best regards,
> Alexey Chetroi
>
> ---
> Smile... Tomorrow will be worse. (c) Murphy's law

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
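
Added example (not part of the original thread and not FreeRADIUS code): a small model of why the quoted advice sets the op field to += for Cisco-AVPair rows in radgroupreply. It assumes the column names GroupName, Attribute, op and Value, uses an in-memory SQLite table as a stand-in for the MySQL one, and applies a simplified version of FreeRADIUS's documented reply-item operators (+= appends, = adds only if the attribute is absent, := replaces).

```python
import sqlite3

# Constructed sample rows; the column names used below are assumed, and the
# two values are the ones mentioned in the thread.
ROWS_APPEND = [
    ("administrator", "Cisco-AVPair", "+=", "shell:priv-lvl=15"),
    ("administrator", "Cisco-AVPair", "+=", "ip:addr-pool=inet"),
]
# Same rows, but with op "=" to show what is lost without "+=".
ROWS_SET = [(g, a, "=", v) for g, a, _, v in ROWS_APPEND]


def load(rows):
    """Create an in-memory radgroupreply table and insert the given rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radgroupreply (id INTEGER PRIMARY KEY, GroupName TEXT,"
        " Attribute TEXT, op TEXT, Value TEXT)"
    )
    db.executemany(
        "INSERT INTO radgroupreply (GroupName, Attribute, op, Value)"
        " VALUES (?, ?, ?, ?)", rows)
    return db


def build_reply(db, group):
    """Merge a group's rows into a reply list using the reply-item operators."""
    reply = []  # ordered list of (attribute, value) pairs
    query = ("SELECT Attribute, op, Value FROM radgroupreply"
             " WHERE GroupName = ? ORDER BY id")
    for attr, op, value in db.execute(query, (group,)):
        present = any(a == attr for a, _ in reply)
        if op == "+=":                    # always append to the reply
            reply.append((attr, value))
        elif op == ":=":                  # replace every earlier instance
            reply = [(a, v) for a, v in reply if a != attr] + [(attr, value)]
        elif op == "=" and not present:   # add only if not already present
            reply.append((attr, value))
    return reply


def avpairs(rows, group="administrator"):
    """Return the Cisco-AVPair values that would be sent for the group."""
    return [v for a, v in build_reply(load(rows), group) if a == "Cisco-AVPair"]


if __name__ == "__main__":
    print("+= :", avpairs(ROWS_APPEND))
    print("=  :", avpairs(ROWS_SET))
```

With op set to "=", only the first Cisco-AVPair row reaches the Access-Accept, so a second VSA such as an address pool would be dropped.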