I am trying to move from Cisco's ACS to FreeRadius. I've successfully managed (with Alan's generous help) to set up the FreeRadius server to authenticate against the UNIX user accounts, accept USER.en as an enabled user, and log accounting information.

However I want to set up some accounts to allow only some commands. I have the following in the hints file:

    Cisco-AVPair += "shell:priv-lvl=15"

I would think the default command would be something like:

    Cisco-AVPair += "shell:default-cmd=yes"

But when I enable authorization on the switch it locks me out, and I have to reboot. Cisco doesn't seem to want you to figure out how to do this, and their documentation is somewhat... less than what one would hope.

QUESTION: Does anyone know the Cisco-AVPair setup to instruct the NAS device to allow certain users (NOC personnel) to be able to only use the show commands, for instance?

Thanks,
Matt