What is the debug output?  What happens when you try to log in to the
router?  User denied?

On Fri, 9 Jul 2004, Robert Banniza wrote:

> Guys,
> We are trying to allow users to authenticate to Cisco 26xx routers using
> Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> these users to be able to log in with enable privileges. The following
> is what we have done to try this to no avail. The following is a
> sample ldif entry:
>
> #################################################################
> dn: uid=homer, ou=people, dc=test, dc=net
> objectclass: person
> objectclass: radiusprofile
> objectclass: uidObject
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: extensibleObject
> cn: Homer Simpson
> sn: Simpson
> loginShell: /bin/bash
> userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> uidnumber: 2001
> gidnumber: 20
> homeDirectory: /home/homer
> uid: homer
> shadowLastChange: 10877
> shadowMin: 0
> shadowMax: 999999
> shadowWarning: 7
> shadowInactive: -1
> shadowExpire: -1
> shadowFlag: 0
> radiusAuthType: LDAP
> radiusReplyItem: Juniper-Local-User-Name := tier1
> radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> #################################################################
>
> The following is what we have on the router:
>
> #################################################################
> aaa new-model
> aaa authentication login default group radius enable
> aaa authorization exec default group radius
>
> enable secret password
>
> radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> radius-server retransmit 3
> radius-server key testing123
> #################################################################
>
> What else are we missing? Any help would be appreciated.
>
> Robert
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
