Thanks for your help Alan, your hints gave me the right thing to look at. For the curious here is the corrected configuration:
bash-2.03# cat /usr/local/etc/raddb/users DEFAULT Hint == "Enable", Auth-Type := System Service-Type = Login-User, Cisco-AVPair += "shell:priv-lvl=15" monkey Auth-Type := System Service-Type = Login-User, bash-2.03# cat /usr/local/etc/raddb/hints DEFAULT Suffix = ".en", Strip-User-Name = Yes Hint = "Enable", Cisco-AVPair += "shell:priv-lvl=15" Thanks again! Matt -----Original Message----- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 11:48 AM To: [EMAIL PROTECTED] Subject: Re: Cisco AV-Pairs & Suffix "Olney, Matthew" <[EMAIL PROTECTED]> wrote: > bash-2.03# cat /usr/local/etc/raddb/users > > monkey Auth-Type := System > Service-Type = Login-User, > > DEFAULT Hint == "Enable" > Cisco-AVPair += "shell:priv-lvl=15" With that configuration, "monkey" and "monkey.en" will both match ONLY the first entry. But if you had run the server in debugging mode like is suggest in the FAQ, README, and twice a day on this list, you would have noticed that. The solution is to make your configuration more like the sample 'users' file. READ IT. Especially the 'Auth-Type := System' piece, and the hints that come afterwards. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html